H-ISAC TLP White: Vulnerability Bulletin: Ivanti Warns of New Authentication Bypass Vulnerability

On February 8, 2024, Ivanti warned of a new authentication bypass vulnerability, identified as CVE-2024-22024, impacting Connect Secure, Policy Secure, and ZTA gateways. Discovery of the new flaw comes as part of Ivanti’s ongoing investigation into vulnerabilities impacting the previously mentioned appliances

The flaw specifically affects a limited number of support versions of Ivanti Connect Secure (version 9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2 and 22.5R1.1), Ivanti Policy Secure (version 22.5R1.1), and ZTA (version 22.6R1.3) for which a patch is available here. There is no evidence of the vulnerability being exploited in the wild, as it was found during Ivanti’s internal review and testing of code. However, administrators are urged to secure the appliances immediately to ensure full protection. 

According to Ivanti, these patches replace prior patches made available on January 31 and February 1, 2024. For supported versions where a patch has not been released, the mitigation provided on January 31, 2024, is effective at blocking a vulnerable endpoint and is available now via Ivanti’s standard download portal. The remaining patches for supported versions will be released on a staggered schedule. 

Health-ISAC is distributing this report for your situational awareness.

View the detailed bulletin below.