Ivanti Product Security Update Advisory (CVE-2024-10630)

Overview

We have released a security update to fix vulnerabilities in Ivanti products. Users of affected products are advised to update to the latest version.

 

Affected Products

 

CVE-2024-10630

Ivanti Application Control versions: ~ 2024.3 (inclusive), ~ 2024.1 (inclusive), ~ 2023.3 (inclusive)
Ivanti Security Controls Versions: ~ 2024.4.1 (inclusive)
Endpoint Manager: No versions affected

 

 

Resolved Vulnerabilities

Race condition vulnerability that could allow a locally authenticated attacker to bypass application blocking (CVE-2024-10630)

 

 

Vulnerability Patches

Vulnerability Patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.
 

 

CVE-2024-10630

Ivanti Application Control version: 2024.3 hf1, 2024.1 hf2, 2023.3 hf3
Ivanti Security Controls: No patched version (recommended to move to or below Ivanti Neurons for App Control)
Endpoint Manager: Ivanti Application Control 2024.3 HF1, 2024.1 HF2, 2023.3 HF3 (if using Ivanti Application Control as an integration)
Ivanti Neurons for App Control: Cloud service updates automatically

 

 

References

[1] Security Advisory – Ivanti Application Control Engine (CVE-2024-10630)
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Application-Control-Engine-CVE-2024-10630?language=en_US&_gl=1*1dlaqtc*_gcl_au*MTY0NzEyMjczMS4xNzM3NDIzODI4