CISA Activity - Ivanti Releases Security Update for Connect Secure and Policy Secure Gateways

  • Welcome to ITBible, we're your #1 resource for enterprise or homelab IT problems (or just a place to show off your stuff).


Ivanti has released a security update to address an authentication bypass vulnerability (CVE-2023-46805) and a command injection vulnerability (CVE-2024-21887) in all supported versions (9.x and 22.x) of Connect Secure and Policy Secure gateways. A cyber threat actor could exploit these vulnerabilities to take control of an affected system.

Ivanti reports active exploitation of both CVE-2023-46805 and CVE-2024-21887.

CISA urges users and administrators to immediately review Ivanti's security update and apply the current workaround. CISA will update this alert as Ivanti releases patches.

Continue reading...