Close Menu
Indo Guard OnlineIndo Guard Online
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
What's Hot

American agencies warn of Iranian protection cyber growth, OT networks and critical infrastructure

June 30, 2025

Europol demonstrates $ 540 million in cryptocurrency fraud, arrests five suspects

June 30, 2025

Slide

June 30, 2025
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram YouTube
Indo Guard OnlineIndo Guard Online
Subscribe
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
Indo Guard OnlineIndo Guard Online
Home » Ivanti Patches Critical Disadvantages in Secupe and Policy Secure Connect – Update now
Global Security

Ivanti Patches Critical Disadvantages in Secupe and Policy Secure Connect – Update now

AdminBy AdminFebruary 12, 2025No Comments3 Mins Read
Ivanti Patches Critical Security Flaws
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link


February 12, 2025Red LakshmananNetwork security / vulnerability

Ivanti Pattes Critical Safety Deficiency

Iuti is liberated Security updates to solve multiple security disadvantages that affect Secure (ICS), Secure (IPS) and Cloud Services (CSA) app that can be used to achieve arbitrary code.

List of vulnerabilities below –

  • Cve-2024-38657 (CVSS Assessment: 9.1) – External Management File Title in Ivnti Connect Secure To version 22.7r2.4 and Ivanti Policy Secure to version 22.7r1.3 Allows remote authenticated attacker with administrator’s privileges to write arbitrary files
  • Cve-2025-22467 (CVSS assessment: 9.9) – Stack -based buffer overflow to Ivanti Connect Secure to version 22.7r2.6 Allows Remote Authentic Attacks to Remove Remote Code
  • Cve-2014-10644 (CVSS assessment: 9.1) – Injection code in Ivanti Connect Secure to version 22.7r2.4 and Ivani safe to version 22.7r1.3 Allows a remote authenticated attacker with the administrator’s privileges to achieve the remote control code
  • Cve-2024-47908 (CVSS Assessment: 9.1) – Deco Teams of the operating system on the Ivanti CSA Administrator Price Administrator Prior to Version 5.0.5 Allows Remote Authentated Attack with Administrator Privileges To Achieve Remove Code
Cybersecurity

Disadvantages were considered in the versions below –

  • Ivanti Connect Secure 22.7r2.6
  • Ivanti Policy Safety 22.7R1.3
  • Ivanti CSA 5.0.5

The company said it did not know about any disadvantages used in the wild. However with Ivanti’s devices are repeatedly armed With the help of malicious actors, it is very important that users take measures to use the latest patches.

Ivanta also acknowledged that her regional products were “purposefully and used by complex attacks of actors” and that she made efforts to improve her software, implementation of safe design principles and enhance the fee for potential abuse from opponents.

“While these products are not the ultimate goal, they are increasingly becoming a route on which national groups are well reinterpreted, focusing their efforts on the attempt of espionage companies against extremely high-value organizations,” Ivani Asa Daniel Spicker – Note.

“We have expanded the internal scan, opportunities for operation and testing, increasing cooperation and sharing information with the safety ecosystem, and further expanded our responsible information disclosure process, including the Cve numbering.”

Development occurs as Bishop Fox liberated Complete technical details already requested security deficiency in Sonicwall Sonicos (Cve-2024-53704) This can be used to bypass the authentication in the firewalls and allow the attackers to abduct the active SSL VPN sessions to gain unauthorized access.

As of February 7, 2025, almost 4,500 VPN servers, which is released on the Internet SonicWall SSL, remain unwavering compared to the CVE-2024-53704.

Cybersecurity

In a similar step in the acama there is publish Its opening two vulnerabilities in the Fortinet Fortios (Cve-2024-4666 and Cve-2024-4668) that an unauthorized attacker can use to achieve a service (DOS) and execution of the remote code. The shortcomings were resolved by Fortinet on January 14, 2025.

Fortinet also since revised its recommendations for Cve-2024-5591 To emphasize another drawback that is tracked as Cve-2025-24472 (CVSS Assessment: 8.1), which may lead to the by -hand -by -Fortroxy device with a specially designed proxy CSF.

The company attributed to the Watchtowr Labs Sonny MacDonald researcher for detecting and shortcoming report. It should be noted that the vulnerability has already been recorded with the CVE-2024-5591, that is, the client’s action is not required if the latter’s fixes have already been applied.

Found this article interesting? Keep track of us further Youter  and LinkedIn To read more exclusive content we publish.





Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Admin
  • Website

Related Posts

American agencies warn of Iranian protection cyber growth, OT networks and critical infrastructure

June 30, 2025

Europol demonstrates $ 540 million in cryptocurrency fraud, arrests five suspects

June 30, 2025

Slide

June 30, 2025

Pragmatic approach to NHI stocks

June 30, 2025

FBI warns about expanded spider attacks on airline using social engineering

June 28, 2025

The new AI Facebook tool asks for upload your photos for plot ideas, causing privacy trouble

June 28, 2025
Add A Comment
Leave A Reply Cancel Reply

Loading poll ...
Coming Soon
Do You Like Our Website
: {{ tsp_total }}

Subscribe to Updates

Get the latest security news from Indoguardonline.com

Latest Posts

American agencies warn of Iranian protection cyber growth, OT networks and critical infrastructure

June 30, 2025

Europol demonstrates $ 540 million in cryptocurrency fraud, arrests five suspects

June 30, 2025

Slide

June 30, 2025

Pragmatic approach to NHI stocks

June 30, 2025

FBI warns about expanded spider attacks on airline using social engineering

June 28, 2025

The new AI Facebook tool asks for upload your photos for plot ideas, causing privacy trouble

June 28, 2025

From the theft of the browser to the intelligence collection instrument

June 28, 2025

More than 1000 SOHO devices hacked in China associated with cyber-science associated with cyber

June 27, 2025
About Us
About Us

Provide a constantly updating feed of the latest security news and developments specific to Indonesia.

Facebook X (Twitter) Pinterest YouTube WhatsApp
Our Picks

American agencies warn of Iranian protection cyber growth, OT networks and critical infrastructure

June 30, 2025

Europol demonstrates $ 540 million in cryptocurrency fraud, arrests five suspects

June 30, 2025

Slide

June 30, 2025
Most Popular

In Indonesia, crippling immigration ransomware breach sparks privacy crisis

July 6, 2024

Why Indonesia’s Data Breach Crisis Calls for Better Security

July 6, 2024

Indonesia’s plan to integrate 27,000 govt apps in one platform welcomed but data security concerns linger

July 6, 2024
© 2025 indoguardonline.com
  • Home
  • About us
  • Contact us
  • Privacy Policy

Type above and press Enter to search. Press Esc to cancel.