Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Ivanti Fixes Critical Vulnerabilities in IWC

September 10, 2024
Reading Time: 2 mins read
in Alerts

Ivanti has released an early access version of Ivanti Workspace Control (IWC) 2024.3 to address several critical vulnerabilities that could allow attackers to escalate privileges and move laterally within networks. These vulnerabilities were discovered in IWC versions 10.18.0.0 and below and include authentication bypass flaws, DLL hijacking, and issues with the transmission of sensitive data in cleartext. The vulnerabilities were found in the management console of IWC, and successful exploitation requires local authenticated access, with privileges escalated to potentially system-level access. The early access release, Ivanti Workspace Control 2024.3 (10.18.99.0), includes a new product architecture designed to address these security flaws.

The vulnerabilities in Ivanti Workspace Control include CVE-2024-8012, CVE-2024-44105, CVE-2024-44104, CVE-2024-44107, CVE-2024-44103, and CVE-2024-44106. These issues were rated high severity, with CVSS scores ranging from 7.8 to 8.8, and could enable an attacker to escalate privileges or execute arbitrary code. Among the issues, CVE-2024-44105 describes a cleartext transmission of sensitive information in the management console, which could allow attackers to obtain OS credentials, while CVE-2024-44104 and CVE-2024-44107 involve DLL hijacking vulnerabilities that could lead to privilege escalation and arbitrary code execution. Ivanti has emphasized that these vulnerabilities must be addressed to prevent potential exploitation.

Ivanti has confirmed that at the time of the release, no customers had been reported as affected by these vulnerabilities. However, the company has advised customers to upgrade to the new architecture as soon as possible to mitigate the risks. The early access release allows users to familiarize themselves with the changes before the General Availability (GA) version becomes available, which is expected in October 2024. Ivanti has also highlighted that the end-of-life status of Ivanti Workspace Control, set for December 31, 2026, means that customers who do not wish to adopt the new architecture can migrate to Ivanti User Workspace Manager as an alternative solution.

A known issue with the early access release is that the Secondary Datastore (also known as Split/Join Datastore) feature is currently unsupported. This feature will be restored in the GA release of Ivanti Workspace Control 2024.3. Ivanti has provided clear instructions on how customers can migrate to the new IWC architecture, and the company has also reminded users to trust the TLS certificate used by the ShieldAPI during installation. These updates and instructions are designed to help users secure their environments and ensure continued protection against the vulnerabilities identified in IWC.

 

Reference:

  • Ivanti Releases Early Access Architecture for Workspace Control Fixing Critical Flaws
Tags: Cloud Services Appliance (CSA)Cyber AlertsCyber Alerts 2024Cyber threatsIvantiIvanti Workspace Control (IWC)September 2024Vulnerabilities
ADVERTISEMENT

Related Posts

Glibc Flaw Gives Linux Root Access Risk

Mozilla Urgent Firefox Patch Fixes RCE Flaws

May 19, 2025
Fileless Remcos RAT Delivery Via LNK Files

ModiLoader Malware Targets Windows Users

May 19, 2025
Glibc Flaw Gives Linux Root Access Risk

Glibc Flaw Gives Linux Root Access Risk

May 19, 2025
Fileless Remcos RAT Delivery Via LNK Files

APT28 RoundPress Webmail Hack Steals Emails

May 16, 2025
Fileless Remcos RAT Delivery Via LNK Files

FBI Warns of AI Voice Phishing Scams

May 16, 2025
Fileless Remcos RAT Delivery Via LNK Files

Fileless Remcos RAT Delivery Via LNK Files

May 16, 2025

Latest Alerts

Mozilla Urgent Firefox Patch Fixes RCE Flaws

ModiLoader Malware Targets Windows Users

Glibc Flaw Gives Linux Root Access Risk

Fileless Remcos RAT Delivery Via LNK Files

FBI Warns of AI Voice Phishing Scams

APT28 RoundPress Webmail Hack Steals Emails

Subscribe to our newsletter

    Latest Incidents

    Massive DDoS Hits Poland’s Civic Platform

    Arla Plant Cyberattack Halts Operations

    Georgia’s Harbin Clinic Hit by Data Breach

    Hackers Target Swiss Reserve Power Plant

    Coinbase Insider Attack Exposed User Data

    Cyberattack Hits J Batista Group

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial