Ivanti released its security updates for February, addressing various critical and high severity vulnerabilities. The vulnerabilities impact Ivanti products such as Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), Cloud Services Application (CSA), and Ivanti Secure Access Client (ISAC). The advisory addressed 10 vulnerabilities that can lead to remote code execution, privilege escalation, and more.
As per the Ivanti advisory, no proof exists of the vulnerabilities being exploited in the wild.
CVE-2024-38657
The vulnerability has a critical severity rating with a CVSS score of 9.1. The external control of a file name vulnerability impacts Ivanti Connect Secure and Ivanti Policy Secure. Successful exploitation of the vulnerability may allow a remote authenticated attacker with admin privileges to write arbitrary files.
CVE-2025-22467
The vulnerability has a critical severity rating with a CVSS score of 9.9. The stack-based buffer overflow vulnerability impacts Ivanti Connect Secure, which may allow a remote authenticated attacker to achieve remote code execution.
CVE-2024-10644
The vulnerability has a critical severity rating with a CVSS score of 9.1. The code injection vulnerability impacts Ivanti Connect Secure and Ivanti Policy Secure. Successful exploitation of the vulnerability may allow a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-47908
The vulnerability has a critical severity rating with a CVSS score of 9.1. The OS command injection vulnerability exists in the admin web console of the Ivanti Cloud Services Application. Successful exploitation of the vulnerability may allow a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-13813
The vulnerability has a high severity rating with a CVSS score of 7.1. The Insufficient permissions vulnerability impacts Ivanti Secure Access, which may allow a local authenticated attacker to delete arbitrary files.
CVE-2024-12058
The vulnerability has a medium severity rating with a CVSS score of 6.8. The external control of a file name vulnerability impacts Ivanti Connect Secure and Ivanti Policy Secure. Successful exploitation of the vulnerability may allow a remote authenticated attacker with admin privileges to write arbitrary files.
CVE-2024-13830
The vulnerability has a medium severity rating with a CVSS score of 6.1. The reflected cross-site scripting (XSS) vulnerability impacts Ivanti Connect Secure before and Ivanti Policy Secure. Successful exploitation of the vulnerability may allow a remote, unauthenticated attacker to obtain admin privileges. User interaction is required to exploit the vulnerability.
CVE-2024-13842
The vulnerability has a medium severity rating with a CVSS score of 6.0. Upon successful exploitation, a local unauthenticated attacker may read sensitive data.
CVE-2024-13843
The vulnerability has a medium severity rating with a CVSS score of 6.0. Upon successful exploitation, a local unauthenticated attacker may read sensitive data.
CVE-2024-11771
The vulnerability has a medium severity rating with a CVSS score of 5.8. The path traversal vulnerability in Ivanti CSA may allow a remote, unauthenticated attacker to access restricted functionality.
Affected and Patched Versions
| Product Name | Affected Versions | Patched Versions |
| Ivanti CSA | 5.0.4 and prior | 5.0.5 |
| Ivanti Connect Secure (ICS) | 22.7R2.5 and below | 22.7R2.6 |
| Ivanti Policy Secure (IPS) | 22.7R1.2 and below | 22.7R1.3 |
| Ivanti Secure Access Client (ISAC) | 22.7R4 and below | 22.8R1 |
For more information, please refer to the Ivanti Security Advisories.
Qualys Detection
Qualys customers can scan their devices with QIDs 382820, 382821, 732234, and 732235 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.
References
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-47908-CVE-2024-11771?language=en_US
https://forums.ivanti.com/s/article/February-Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-and-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs?language=en_US
