Ivanti Rushes Patches for 4 New Flaws in Connect Secure and Policy Secure

03-Apr-24

Ivanti has released security updates to address four security flaws impacting Connect Secure and Policy Secure Gateways that could result in code execution and denial-of-service (DoS).The list of flaws is as follows -CVE-2024-21894 (CVSS score: 8.2) - A heap overflow vulnerability in the IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in order to crash the service thereby causing a DoS attack. In certain conditions, this may lead to execution of arbitrary code.

Read More…