Ivanti released its security updates for February, addressing various critical and high severity vulnerabilities. The vulnerabilities impact Ivanti products such as Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), Cloud Services Application (CSA), and Ivanti Secure Access Client (ISAC). The advisory addressed 10 vulnerabilities that can lead to remote code execution, privilege escalation, and more. … Continue reading “Ivanti February Security Updates Addresses Multiple Vulnerabilities in Popular Products”
Tag: Ivanti Connect Secure (ICS)
Ivanti Zero-day Vulnerability Impacts Connect Secure and Policy Secure (CVE-2025-0282)
Ivanti released a security advisory to address critical and high severity vulnerabilities on January 8, 2025. Tracked as CVE-2024-0282 and CVE-2025-0283, the vulnerabilities may allow remote unauthenticated attackers to achieve remote code execution or local authenticated attackers to escalate their privileges on a targeted system. Ivanti mentioned in the advisory that “a limited number of customers … Continue reading “Ivanti Zero-day Vulnerability Impacts Connect Secure and Policy Secure (CVE-2025-0282)”
Ivanti Releases Fixes for Multiple Vulnerabilities Impacting Connect Secure, Policy Secure, Cloud Services Application, and Sentry
Ivanti released its December 2024 security advisory to address nine critical and high severity vulnerabilities in its products, such as Ivanti Connect Secure, Policy Secure, Cloud Services Application, and Sentry. Five of these nine vulnerabilities are rated as critical. Ivanti mentioned in the advisory that there was no prior knowledge of any customers being exploited … Continue reading “Ivanti Releases Fixes for Multiple Vulnerabilities Impacting Connect Secure, Policy Secure, Cloud Services Application, and Sentry”
Ivanti Releases Fixes for Multiple Vulnerabilities Impacting Connect Secure, Policy Secure, and Secure Access Client
Ivanti Connect Secure, Policy Secure, and Secure Access Client are vulnerable to 25 security vulnerabilities. Out of these 25, eight are rated as critical, 13 as high, and four as medium. Ivanti mentioned in the advisory that there was no prior knowledge of any customers being exploited by these vulnerabilities prior to public disclosure.
Ivanti Connect Secure (ICS) and Ivanti Policy Secure Gateway Vulnerabilities Exploited in the Wild (CVE-2023-46805 & CVE-2024-21887)
The security research team at Veloxity identified an active exploitation of two vulnerabilities (CVE-2023-46805 & CVE-2024-21887) impacting Ivanti Connect Secure VPN devices. When chained together, the vulnerabilities may allow attackers to transmit malicious requests and execute arbitrary commands on a targeted system. According to the research, a Chinese nation-state-level threat actor has exploited the vulnerabilities. … Continue reading “Ivanti Connect Secure (ICS) and Ivanti Policy Secure Gateway Vulnerabilities Exploited in the Wild (CVE-2023-46805 & CVE-2024-21887)”
