Serial number: AV24-058
Date: January 31, 2024
On January 31, 2024, Ivanti published a security advisory to address vulnerabilities in the following products:
- Ivanti Connect Secure (ICS) gateway – versions 9.x and 22.x
- Ivanti Policy Secure (ICS) gateway – versions 9.x and 22.x
- ZTA – version 22.x
Exploitation of these vulnerabilities could allow for privilege escalation and server-side request forgery (SSRF).
Ivanti has indicated that CVE-2024-21893 have been actively exploited.
The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates once available.