Usage subject to Terms and Conditions

Read the original article at https://www.cisa.gov/news-events/alerts/2024/01/10/ivanti-releases-security-update-connect-secure-and-policy-secure-gateways

Ivanti has released a security update to address an authentication bypass vulnerability (CVE-2023-46805) and a command injection vulnerability (CVE-2024-21887) in all supported versions (9.x and 22.x) of Connect Secure and Policy Secure gateways. A cyber threat actor could exploit these vulnerabilities to take control of an affected system.
 
Ivanti reports active exploitation of both CVE-2023-46805 and CVE-2024-21887.
 
CISA urges users and administrators to immediately review Ivanti’s security update and apply the current workaround. CISA will update this alert as Ivanti releases patches.

Read the original article at https://www.cisa.gov/news-events/alerts/2024/01/10/ivanti-releases-security-update-connect-secure-and-policy-secure-gateways