Ivanti Patches Critical Flaws in Connect Secure and Policy Secure – Update Now


February 12, 2025Red LakshmananNetwork security / vulnerability


Ivanti has released security updates to address multiple security flaws affecting Connect Secure (ICS), Policy Secure (IPS), and Cloud Services Application (CSA) that could be exploited to achieve arbitrary code execution.

The list of vulnerabilities is below:

  • CVE-2024-38657 (CVSS score: 9.1) – External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with administrator privileges to write arbitrary files
  • CVE-2025-22467 (CVSS score: 9.9) – A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution
  • CVE-2014-10644 (CVSS score: 9.1) – Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with administrator privileges to achieve remote code execution
  • CVE-2024-47908 (CVSS score: 9.1) – Operating system command injection in the administrator console of Ivanti CSA prior to version 5.0.5 allows a remote authenticated attacker with administrator privileges to achieve remote code execution

The flaws have been addressed in the versions below:

  • Ivanti Connect Secure 22.7R2.6
  • Ivanti Policy Secure 22.7R1.3
  • Ivanti CSA 5.0.5

The company said it is not aware of any of the flaws being exploited in the wild. However, with Ivanti appliances being repeatedly weaponized by malicious actors, it is imperative that users take steps to apply the latest patches.

Ivanti also acknowledged that its edge products have been “targeted and exploited by sophisticated threat actor attacks” and that it is making efforts to improve its software, implement secure-by-design principles, and raise the bar for potential abuse by adversaries.

“While these products are not the ultimate target, they are increasingly the route that well-resourced nation-state groups are focusing their efforts on to attempt espionage campaigns against extremely high-value organizations,” Ivanti's Daniel Spicker noted.

“We have expanded internal scanning, exploitation and testing capabilities, increased collaboration and information sharing with the security ecosystem, and further expanded our responsible disclosure process, including CVE numbering.”

The development comes as Bishop Fox released complete technical details of an already-patched security flaw in SonicWall SonicOS (CVE-2024-53704) that could be exploited to bypass authentication in firewalls and allow attackers to hijack active SSL VPN sessions to gain unauthorized access.

As of February 7, 2025, nearly 4,500 internet-facing SonicWall SSL VPN servers remain unpatched against CVE-2024-53704.


In a similar move, Akamai has published its discovery of two vulnerabilities in Fortinet FortiOS (CVE-2024-4666 and CVE-2024-4668) that an unauthenticated attacker can exploit to achieve denial-of-service (DoS) and remote code execution. The flaws were resolved by Fortinet on January 14, 2025.

Fortinet has also since revised its advisory for CVE-2024-5591 to highlight another flaw tracked as CVE-2025-24472 (CVSS score: 8.1) that could result in an authentication bypass on FortiProxy devices via a specially crafted CSF proxy request.

The company credited watchTowr Labs researcher Sonny MacDonald with discovering and reporting the flaw. It should be noted that the vulnerability has already been patched alongside CVE-2024-5591, meaning that no customer action is required if fixes for the latter have already been applied.
