Skip to main content

Updates address critical vulnerabilities in Cloud Services Application, Connect Secure, and Policy Secure

Threat ID:CC-4587
Threat Severity:Medium
Published:11 December 2024 2:59 PM

Summary

Updates address critical vulnerabilities in Cloud Services Application, Connect Secure, and Policy Secure

Affected platforms

The following platforms are known to be affected:

Versions: all prior to 22.7R2.4
Ivanti Connect Secure
Versions: all prior to 22.7R1.2
Ivanti Policy Secure

Threat details

Introduction

Ivanti has released security advisories addressing vulnerabilities in Cloud Services Application, Connect Secure, and Policy Secure. 

Ivanti Cloud Services Applicance (CSA) is an appliance that provides secure communication and functionality over the internet. Ivanti Connect Secure and Policy Secure are SSL VPN solutions used for remote and mobile access to corporate resources. 



Vulnerability details

Security Advisory Ivanti Cloud Services Application (CSA)

  • CVE-2024-11639 is an authentication bypass vulnerability in CSA with a CVSSv3 score of 10.0, which could allow a remote unauthenticated attacker to gain administrative access.
  • CVE-2024-11772 is a command injection vulnerability in CSA with a CVSSv3 score of 9.1, which could allow a remote authenticated attacker with admin privileges to achieve remote code execution (RCE).
  • CVE-2024-11773 is an SQL injection vulnerability in CSA with a CVSSv3 score of 9.1, which could allow a remote authenticated attacker with admin privileges to run arbitrary SQL statements. 

December 2024 Security Advisory Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) 

  • CVE-2024-11633 is an argument injection vulnerability in Connect Secure with a CVSSv3 score of 9.1, which could allow a remote authenticated attacker with admin privileges to achieve RCE.
  • CVE-2024-11634 is a command injection vulnerability in Connect Secure and Policy Secure with a CVSSv3 score of 9.1, which could allow a remote authenticated attacker with admin privileges to achieve RCE.

Remediation advice

Affected organisations are strongly encouraged to review Ivanti's December Security Update blog and the security advisories below, applying any relevant updates.

Remediation steps

   
Patch

Security Advisory Ivanti Cloud Services Application (CSA) (CVE-2024-11639, CVE-2024-11772, CVE-2024-11773)


https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-11639-CVE-2024-11772-CVE-2024-11773?language=en_US
Patch

December 2024 Security Advisory Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) (Multiple CVEs)


https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Connect-Secure-ICS-and-Ivanti-Policy-Secure-IPS-Multiple-CVEs?language=en_US

Definitive source of threat updates

CVE Vulnerabilities

StatusPublished
CVE-2024-11639An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access
StatusPublished
CVE-2024-11772Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
StatusPublished
CVE-2024-11773SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.
StatusPublished
CVE-2024-11633Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution
StatusPublished
CVE-2024-11634Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. (Not applicable to 9.1Rx)

Last edited: 11 December 2024 2:59 pm

Back to top