Authentication Bypass Vulnerability in Ivanti Products

Published on 09 Feb 2024 | Updated on 09 Feb 2024

Ivanti has released security updates to address a vulnerability (CVE-2024-22024) affecting Connect Secure, Policy Secure, and ZTA gateways.

Successful exploitation of this authentication bypass vulnerability could allow a remote attacker to gain access to restricted resources.

The vulnerability affects the following versions:
  • Ivanti Connect Secure (versions 9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2 and 22.5R1.1)
  • Ivanti Policy Secure version 22.5R1.1
  • ZTA version 22.6R1.3

Users and administrators of affected product versions are advised to update to the latest version immediately.

More information is available here:
https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure