VDB
WID-SEC-W-2024-0325
WID-SEC-W-2024-0325
PUBLISHED
Connect Secure bietet TLS- und mobile VPN-Lösungen. Ivanti Policy Secure ist eine Network Access Control (NAC) Lösung.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ivanti Connect Secure < 22.5R1.2 | ||
| Ivanti Connect Secure < 22.6R2.2 | ||
| Ivanti Policy Secure < 9.1R17.3 | ||
| Ivanti Connect Secure < 22.5R2.3 | ||
| Ivanti Policy Secure < 9.1R18.4 | ||
| Ivanti Connect Secure < 9.1R14.5 | ||
| Ivanti Policy Secure < 22.5R1.2 | ||
| Ivanti Connect Secure < 22.4R2.3 | ||
| Ivanti Connect Secure < 9.1R18.4 | ||
| Ivanti Connect Secure < 9.1R17.3 |
Exploit Intelligence
- Check for CVE-2024-22024 vulnerability in Ivanti Connect Secure (github-poc)
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0325.json (circl)
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0325 (circl)
- https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US (circl)
- https://www.ivanti.com/blog/security-update-for-ivanti-connect-secure-and-ivanti-policy-secure-gateways-282024 (circl)
- agent_group.yaml (github-poc)
- Nuclei Template: CVE-2024-22024 (nuclei-template)
Timeline
- Feb 8, 2024 CVE Published
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0325.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0325 advisory
- https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US url
- https://www.ivanti.com/blog/security-update-for-ivanti-connect-secure-and-ivanti-policy-secure-gateways-282024 url