Ivanti fixes important bugs in Policy Secure and Connect Secure – Update Now

Feb 12, 2025Ravie LakshmananNetwork Security / Risk

Ivanti has released security updates to address a number of security flaws that could be exploited to achieve arbitrary code execution. They affect Connect Secure (ICS), Policy Secure (IPS), and Cloud Services Application (CSA).

The vulnerabilities are listed below:

  • CVE-2024-38657 (CVSS score: 9.1) - External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to write arbitrary files
  • (CVSS score: 9.9) - A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution
  • (CVSS score: 9.1) - Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution
  • (CVSS score: 9.1) - Operating system command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution

The issues have been addressed in the following versions:

  • Ivanti Connect Secure 22.7R2.6
  • Ivanti Policy Secure 22.7R1.3
  • Ivanti CSA 5.0.5
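For teams tracking appliance versions, the sketch below (an added example, not code from Ivanti or from the original article) compares an inventory against the fixed releases listed above. The product keys, the sample inventory, and the assumption that version fields order numerically (so that R1.10 is newer than R1.3) are illustrative and not taken from the article.

```python
import re

# Fixed releases exactly as listed in the article.
FIXED = {
    "connect-secure": "22.7R2.6",
    "policy-secure": "22.7R1.3",
    "csa": "5.0.5",
}

# Accepts "22.7R2.6" / "22.7R2" (ICS, IPS) and "5.0.5" (CSA).
_FORMAT = re.compile(r"\d+\.\d+(?:R\d+(?:\.\d+)?|\.\d+)")


def parse_version(text):
    """Turn a version string into a 4-tuple of ints for numeric comparison."""
    text = text.strip()
    if not _FORMAT.fullmatch(text):
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(n) for n in re.findall(r"\d+", text)]
    return tuple(parts + [0] * (4 - len(parts)))


def needs_update(product, version):
    """True when `version` is older than the fixed release for `product`."""
    return parse_version(version) < parse_version(FIXED[product])


def audit(inventory):
    """Return (host, status) pairs; unknown input is flagged, never assumed safe."""
    results = []
    for host, product, version in inventory:
        try:
            status = "UPDATE" if needs_update(product, version) else "ok"
        except (KeyError, ValueError):
            status = "REVIEW"
        results.append((host, status))
    return results


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("vpn-gw-01", "connect-secure", "22.7R2.5"),
    ("vpn-gw-02", "connect-secure", "22.7R2.6"),
    ("nac-01", "policy-secure", "22.7R1.10"),
    ("csa-01", "csa", "5.0.4"),
    ("lab-01", "connect-secure", "unknown"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE):
        print(f"{host:10} {status}")
```

Entries marked REVIEW carry a product name or version string the script could not interpret and should be checked by hand.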

The company said it is not aware of any of the flaws being exploited in the wild. However, because Ivanti appliances are frequently exploited by malicious actors, it is crucial that customers apply the latest patches.

Ivanti also acknowledged that its edge products have been “targeted and exploited by powerful risk professional attacks” and that it is making efforts to improve its software, apply secure-by-design principles, and raise the bar for potential abuse by adversaries.

Although these products are not the final goal, well-resourced nation-state groups are increasingly focusing their efforts on espionage campaigns against high-value organizations, according to Ivanti CSO Daniel Spicer.

“We have enhanced inside scanning, regular exploitation and testing abilities, increased collaboration and information sharing with the security ecosystem, and further enhanced our responsible reporting procedure, including becoming a CVE Numbering Authority.”

The development comes as Bishop Fox published a detailed technical write-up of a recently disclosed security flaw in SonicWall SonicOS that could be exploited to bypass authentication in firewalls and allow attackers to hijack active SSL VPN sessions to gain unauthorized access.

As of February 7, 2025, almost 4,500 internet-facing SonicWall SSL VPN servers remain unpatched against CVE-2024-53704.

In a similar move, Akamai has published its discovery of two vulnerabilities in Fortinet FortiOS that an unauthenticated attacker can exploit to achieve denial-of-service (DoS) and remote code execution. Fortinet fixed the flaws on January 14, 2025.

Fortinet has since also updated its advisory to highlight another flaw (CVSS score: 8.1) that could result in an authentication bypass in FortiOS and FortiProxy devices via a specially crafted CSF proxy request.

The company credited watchTowr Labs researcher Sonny Macdonald with finding and reporting the flaw. It is worth noting that the vulnerability has already been patched along with CVE-2024-55591, so no user action is required if the latter's fixes have already been applied.
