Serial number: AV24-020
Date: January 10, 2024
On January 10, 2024, Ivanti published a security advisory to address vulnerabilities in the following products:
- Ivanti Connect Secure (ICS) gateway – versions 9.x and 22.x
- Ivanti Policy Secure (ICS) gateway – versions 9.x and 22.x
Exploitation of these vulnerabilities could allow for authentication bypass and execution of arbitrary commands.
Ivanti has indicated that CVE-2023-46805 and CVE-2024-21887 have been actively exploited.
The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates once available.