Ivanti Product Security Update Advisory (CVE-2024-21888, CVE-2024-21893)

Overview

An update has been made available to fix vulnerabilities in Ivanti's products. Users of affected versions are advised to update to the latest version.
 

Affected Products

CVE-2024-21888, CVE-2024-21893

  • Ivanti Connect Secure 9.x, 22.x versions
  • Ivanti Policy Secure 9.x, 22.x versions

 

Resolved Vulnerabilities

  • Privilege escalation vulnerability in Ivanti Connect Secure and Ivanti Policy Secure (CVE-2024-21888)
  • SSRF vulnerability in Ivanti Connect Secure and Ivanti Policy Secure (CVE-2024-21893)

 

Vulnerability Patches

Vulnerability patches were made available in the February 2, 2024 update. Please follow the instructions on the reference site to update to the latest vulnerability patch version.

CVE-2024-21888, CVE-2024-21893

  • Ivanti Connect Secure versions 9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2, 22.5R1.1, 22.5R2.2, 22.6R1.3
  • Ivanti Policy Secure versions 22.5R1.1, 22.6R1.3 (ZTA version)

 

Referenced Sites

[1] CVE-2024-21888 Privilege Escalation for Ivanti Connect Secure and Ivanti Policy Secure
https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US