Security Update – Ivanti Software Vulnerability
Vulnerability Name: Ivanti VPN Software Vulnerability
CVE #s: CVE-2023-46805 and CVE-2024-21887
Platform or Software Package(s) Affected: Ivanti Connect Secure and Ivanti Policy Secure gateway products
Criticality: Critical
Recommended Action: For any customers using the two above-noted VPN solutions from Ivanti, visit the vendor’s website immediately. Patches for this critical vulnerability are available depending on which firmware/software version you are running. (The patches were made available February 1,
2024.)
Overview of Concern and Overview of Remediation: Ivanti, a software company, has announced a major vulnerability with two of their remote VPN products, which should be addressed immediately. The Ivanti official website post that gives details on this remote vulnerability is linked below:
https://www.ivanti.com/blog/security-update-for-ivanti-connect-secure-and-ivanti-policy-secure-gateways
We urge all customers using any Ivanti product (not just their VPN solutions) to review Ivanti’s website and news relating to this vulnerability, as often vendors will later announce other affected products. If you are using Ivanti for patch management or any other related solution, please be vigilant in updating your products more often in the upcoming days/weeks.
Please contact Jeremy Burris at S.R. Snodgrass, P.C. with any questions (jburris@srsnodgrass.com).
