Ivanti has released security updates to address a vulnerability (CVE-2024-22024) affecting Connect Secure, Policy Secure, and ZTA gateways.
Successful exploitation of this authentication bypass vulnerability could allow a remote attacker to gain access to restricted resources.
The vulnerability affects the following versions:
- Ivanti Connect Secure (version 9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2 and 22.5R1.1)
- Ivanti Policy Secure version 22.5R1.1
- ZTA version 22.6R1.3
Users and administrators of affected product versions are advised to update to the latest version immediately.
More information is available here:
https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure