Ivanti Fixes Critical Flaws in Connect Secure & Policy Secure: Here Is a Quick Look at What to Know


Ivanti has recently addressed three critical vulnerabilities in its Connect Secure (ICS) and Policy Secure (IPS) products. These flaws, discovered through responsible disclosure programs and bug bounty platforms, posed significant security risks. Ivanti’s swift action to release security updates highlights the importance of maintaining robust cybersecurity measures.


The Vulnerabilities Explained

The three critical vulnerabilities patched by Ivanti included issues that could be exploited remotely. An attacker would need to be authenticated, and in two cases, admin privileges were necessary to achieve remote code execution or write arbitrary files. Despite these requirements, the risk remains considerable due to potential insider threats or attackers who have stolen credentials through phishing, previous breaches, or brute-forcing passwords.

Addressing Additional Issues

Ivanti’s security bulletin also mentioned five additional flaws, ranging from medium to high severity. These issues included cross-site scripting (XSS), hardcoded keys, cleartext storage of sensitive data, and insufficient permissions. The vulnerabilities affected ICS versions 22.7R2.5 and older, IPS versions 22.7R1.2 and older, and ISAC versions 22.7R4 and below. Ivanti addressed these issues in ICS version 22.7R2.6, IPS version 22.7R1.3, and ISAC version 22.8R1, which are the recommended upgrade targets for system administrators.

Interestingly, Ivanti acknowledged that the issue also impacts Pulse Connect Secure 9.x but stated it does not plan to offer fixes for these products as their support period has ended. The company encourages customers to upgrade to version 22.7 of Ivanti Connect Secure.
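The version ranges above can be turned into an inventory check. The following is an added example, not code from Ivanti or from the original article; the product labels, the hostnames in the sample inventory and the assumption that version strings order numerically as (major, minor, release, patch) are assumptions of this example.

```python
import re

# Fixed releases as stated in the article. The short product labels are this example's own.
FIXED = {"ICS": "22.7R2.6", "IPS": "22.7R1.3", "ISAC": "22.8R1"}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$")


def parse_version(text):
    """Turn '22.7R2.5' into (22, 7, 2, 5); a missing patch level counts as 0."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in match.groups())


def triage(product, version):
    """Classify one install as 'patched', 'upgrade', 'unsupported' or 'unknown'."""
    parsed = parse_version(version)
    if product == "PCS":
        # Pulse Connect Secure 9.x is affected and will not receive a fix.
        return "unsupported" if parsed[0] == 9 else "unknown"
    if product not in FIXED:
        raise ValueError(f"no fixed release listed for product {product!r}")
    # Assumption: tuple comparison matches the vendor's release ordering.
    return "patched" if parsed >= parse_version(FIXED[product]) else "upgrade"


# Constructed sample inventory: hostnames and installed versions are made up.
INVENTORY = [
    ("vpn-edge-01", "ICS", "22.7R2.5"),
    ("vpn-edge-02", "ICS", "22.7R2.6"),
    ("nac-core-01", "IPS", "22.7R1.2"),
    ("laptop-fleet", "ISAC", "22.7R4"),
    ("legacy-vpn", "PCS", "9.1R18.9"),
]


def report(inventory):
    """Map each hostname to its triage status."""
    return {host: triage(product, version) for host, product, version in inventory}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:14} {status}")
```

Hosts reported as `unsupported` have no patch to apply; per the article, the path for those is an upgrade to Ivanti Connect Secure 22.7.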

Mitigations and Recommendations

Ivanti has not provided any mitigations for the patched flaws, and applying the latest update is the recommended solution. The company’s proactive approach in addressing these vulnerabilities underscores the importance of staying vigilant and up-to-date with security patches to protect against potential threats.

Conclusion

Ivanti’s recent security updates for Connect Secure and Policy Secure demonstrate the company’s commitment to cybersecurity. By addressing these critical vulnerabilities, Ivanti helps ensure the safety and integrity of its products, ultimately protecting its users from potential cyber threats.

