URL: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-and-Policy-Secure-CVE-2024-37404?language=en_US
Security Advisory Ivanti Connect Secure and Policy Secure (CVE-2024-37404)
Created Date: Oct 8, 2024 2:01:32 PM
Last Modified Date: Oct 9, 2024 9:31:50 PM

Summary

Ivanti has released updates for Ivanti Connect Secure and Policy Secure that
address a critical vulnerability. Successful exploitation could allow a remote
authenticated attacker to achieve remote code execution.

We are not aware of any customers being exploited by this vulnerability at the
time of disclosure.

Vulnerability Details

CVE Number: CVE-2024-37404

Description: Improper Input Validation in the admin portal of Ivanti Connect
Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1
allows a remote authenticated attacker to achieve remote code execution.

CVSS Score (Severity): 9.1 (Critical)

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE: CWE-93

 

Affected Versions

Product Name: Ivanti Connect Secure
Affected Version(s): All versions before 22.7R2.1; all versions before 9.1R18.9
Resolved Version(s): 22.7R2.1; 22.7R2.2; 9.1R18.9 (to be released on October 15)
Patch Availability: Download Portal https://forums.ivanti.com/s/product-downloads

Product Name: Ivanti Policy Secure
Affected Version(s): All versions before 22.7R1.1
Resolved Version(s): 22.7R1.1
Patch Availability: Download Portal https://forums.ivanti.com/s/product-downloads
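
Deciding whether an installed build is affected needs a comparison that respects the two Connect Secure release lines: a naive numeric comparison would flag the fixed 9.1R18.9 build as "before 22.7R2.1". The Python below is an added example, not Ivanti tooling. It assumes version strings have the "<major>.<minor>R<release>[.<patch>]" shape used in this advisory (22.7R2.1, 9.1R18.9) and that a Connect Secure 9.x build is compared against 9.1R18.9 while any other line is compared against 22.7R2.1; the inventory list in it is constructed sample data.

```python
"""Check installed Ivanti Connect Secure / Policy Secure builds against the fixed
versions in this advisory (added example, not Ivanti tooling).

Assumptions: version strings look like '<major>.<minor>R<release>[.<patch>]'
(22.7R2.1, 9.1R18.9), and each Connect Secure build is compared against the fix
on its own release line (9.x -> 9.1R18.9, otherwise 22.7R2.1).
"""
import re
from typing import NamedTuple

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$")


class Version(NamedTuple):
    major: int
    minor: int
    release: int
    patch: int


def parse_version(text: str) -> Version:
    """'22.7R2.1' -> Version(22, 7, 2, 1); a missing patch component counts as 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, release, patch = m.groups()
    return Version(int(major), int(minor), int(release), int(patch or 0))


# Fixed versions from the advisory, keyed by the major version of the release
# line; None is the fallback for any other line.
FIXED_VERSIONS = {
    "Ivanti Connect Secure": {
        9: parse_version("9.1R18.9"),
        None: parse_version("22.7R2.1"),
    },
    "Ivanti Policy Secure": {
        None: parse_version("22.7R1.1"),
    },
}


def fixed_version_for(product: str, version: Version) -> Version:
    """Pick the fix that applies to this build's release line."""
    lines = FIXED_VERSIONS[product]
    return lines.get(version.major, lines[None])


def is_affected(product: str, version_text: str) -> bool:
    """True when the build predates the fix on its release line."""
    version = parse_version(version_text)
    return version < fixed_version_for(product, version)


# Constructed sample inventory: (hostname, product, version reported by the device).
INVENTORY = [
    ("vpn-gw-01", "Ivanti Connect Secure", "22.7R2.0"),
    ("vpn-gw-02", "Ivanti Connect Secure", "22.7R2.2"),
    ("vpn-legacy-01", "Ivanti Connect Secure", "9.1R18.8"),
    ("vpn-legacy-02", "Ivanti Connect Secure", "9.1R18.9"),
    ("nac-01", "Ivanti Policy Secure", "22.6R1.2"),
    ("nac-02", "Ivanti Policy Secure", "22.7R1.1"),
]


def triage(inventory):
    """Return the hostnames that still need the patch, in inventory order."""
    return [host for host, product, ver in inventory if is_affected(product, ver)]


if __name__ == "__main__":
    for host, product, ver in INVENTORY:
        status = "AFFECTED - upgrade" if is_affected(product, ver) else "fixed"
        print(f"{host:14} {product:24} {ver:10} {status}")
```

Because the comparison is on the full (major, minor, release, patch) tuple, the later 22.7R2.2 build listed as resolved is correctly reported as fixed, and a 9.1R18.8 appliance is reported as affected even though 9.1R18.9 is not yet available at publication time.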

 

Solution

Fixes are currently available for download in the standard download portal for
Ivanti Connect Secure 22.7R2.1 and 22.7R2.2, and for Ivanti Policy Secure
22.7R1.1. A fix will also be provided in 9.1R18.9 for ICS, which is set to be
released on October 15. We recommend that customers upgrade to the latest
versions, which contain the fix. Additionally, customers can follow the
mitigation instructions below to reduce their risk of exploitation.

Mitigation or Workaround

This vulnerability is accessible only via authenticated admin access. To exploit
it, a threat actor must be able to reach the admin portal and must hold
compromised admin credentials that allow them to log in to the system. Exposure
to this vulnerability can be reduced by following standard industry practices
for deploying internet-facing network devices.

 1. Ensure that the admin access is enabled on the management interface only.
    Ivanti Connect Secure and Policy Secure provide a separate management port
    to allow customers to configure admin access on a separate port. 

 2. Ensure that the management interface is connected to an isolated internal
    network with private IP space that is isolated from the internet by a
    firewall or a jump-host. 

 3. Customers should also use standard practices to protect access to critical
    infrastructure such as strong passwords, appropriate password rotation
    policies, vaults, and MFA which will further limit the risk of
    exploitation. 

 4. Additionally, customers should enable admin logging to monitor for and
    detect unauthorized actions by administrators, including an actor using
    compromised admin credentials to attempt to exploit this vulnerability.

Acknowledgements

Ivanti would like to thank the following for reporting the relevant issue and
for working with Ivanti to help protect our customers: 

 * Richard Warren of AmberWolf  

Note: Ivanti is dedicated to ensuring the security and integrity of our
enterprise software products. We recognize the vital role that security
researchers, ethical hackers, and the broader security community play in
identifying and reporting vulnerabilities. Visit HERE to learn more about our
Vulnerability Disclosure Policy.
 

FAQ

 1. Are you aware of any active exploitation of this vulnerability?

We are not aware of any customers being exploited by this vulnerability prior
to public disclosure. This vulnerability was disclosed through our responsible
disclosure program.

 2. How can I tell if I have been compromised?

Currently, there is no known public exploitation of this vulnerability that
could be used to provide a list of indicators of compromise.

 3. Will Ivanti be backporting fixes to additional versions of ICS and IPS?

No. The bulk of Ivanti's current development effort on these solutions is on the
security hardening of the underlying operating system which we announced in
April. We reviewed this vulnerability and the mitigation available for customers
on older versions to apply (ensuring their admin portal is not exposed to the
internet) and decided not to redirect resources from the security hardening
effort for this point fix.

 4. What should I do if I need help?

If you have questions after reviewing this information, you can log a case
and/or request a call via the Success Portal.

 

Article Number: 000095259
Article Promotion Level: Normal
