Ivanti has recently released security updates to address four vulnerabilities affecting Connect Secure and Policy Secure Gateways that have the potential to lead to code execution and denial-of-service (DoS) attacks.
One of the vulnerabilities, CVE-2024-21894, allows an unauthenticated malicious user to trigger a heap overflow in the IPSec component of Ivanti Connect Secure and Policy Secure, ultimately resulting in a DoS attack or even arbitrary code execution in certain scenarios.
Another vulnerability, CVE-2024-22052, involves a null pointer dereference issue in the IPSec component, which can also be exploited by an unauthenticated attacker to crash the service and cause a DoS attack.
In response to these vulnerabilities, Ivanti has been actively working on patching security flaws in its products to prevent exploitation by malicious actors. The company’s CEO, Jeff Abbott, emphasized the importance of enhancing security measures in light of the evolving threat landscape.
By implementing secure-by-design principles, sharing information transparently with customers, and revamping its engineering and security practices, Ivanti aims to bolster its security posture and better protect its products from potential exploits.
It is crucial for companies like Ivanti to stay vigilant against security threats and continuously improve their security practices to safeguard their products and customers from cyber attacks.
Source link
/cdn.vox-cdn.com/uploads/chorus_asset/file/25535555/STK160_X_TWITTER__B.jpg?w=1024&resize=1024,1024&ssl=1)