Ivanti has issued a security alert regarding a critical vulnerability across its Connect Secure, Policy Secure, and ZTA gateway devices, potentially allowing attackers to bypass authentication. Tracked as CVE-2024-22024 and rated 8.3 out of 10 on the CVSS scoring system, the flaw stems from an XML external entity vulnerability within the SAML component of the affected products. The company discovered this vulnerability during an internal review amid ongoing investigations into multiple security weaknesses identified since the beginning of the year, including several other CVEs.
The affected versions include Connect Secure versions 9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2, and 22.5R1.1; Policy Secure version 22.5R1.1; and ZTA version 22.6R1.3. Ivanti promptly released patches for the vulnerability, available for download in various versions of the affected products. While there is no evidence of active exploitation of this specific flaw, Ivanti urges users to apply the latest fixes promptly, given the history of broad abuse concerning previous vulnerabilities.
The urgency to address this security flaw is underscored by the potential risks posed by previous vulnerabilities, including CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893, which have been targets of exploitation. Ivanti’s proactive approach in issuing patches demonstrates its commitment to addressing security concerns promptly and ensuring the integrity of its products. Users are encouraged to prioritize the installation of available patches to safeguard their systems and mitigate the risk of potential exploitation.
