
Ivanti Patches Critical Flaws in Connect Secure and Policy Secure – Update Now

Ivanti has released security updates to address multiple security flaws impacting Connect Secure (ICS), Policy Secure (IPS), and Cloud Services Application (CSA) that could be exploited to achieve arbitrary code execution.

The list of vulnerabilities is below –

  • CVE-2024-38657 (CVSS score: 9.1) – External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to write arbitrary files
  • CVE-2025-22467 (CVSS score: 9.9) – A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution
  • CVE-2024-10644 (CVSS score: 9.1) – Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution
  • CVE-2024-47908 (CVSS score: 9.1) – Operating system command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution

The shortcomings have been addressed in the versions below –

  • Ivanti Connect Secure 22.7R2.6
  • Ivanti Policy Secure 22.7R1.3
  • Ivanti CSA 5.0.5
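Note that only CVE-2025-22467, the CVSS 9.9 stack-based buffer overflow, is reachable by any authenticated user; the other three require admin privileges, so a fleet running ICS 22.7R2.4 or 22.7R2.5 is still exposed to the most severe of the four. The following is an added example, not Ivanti's code or tooling, that turns the fixed-in versions quoted above into a triage check over an appliance inventory. It assumes version strings in the "major.minorRrelease.patch" form the advisory uses (plain "5.0.5" for CSA) and rejects anything else rather than guessing; the host names and versions in the inventory are constructed for the demonstration.

```python
# Added example (not Ivanti's code): map appliances to the CVEs from the
# advisory above that they are still exposed to, using the fixed-in versions
# the article quotes. Assumes Ivanti's "22.7R2.6" / "5.0.5" version format.
import re
from typing import Dict, List, Tuple

# First fixed version per product and CVE, as stated in the article.
FIXES: Dict[str, Dict[str, str]] = {
    "ICS": {
        "CVE-2024-38657": "22.7R2.4",
        "CVE-2024-10644": "22.7R2.4",
        "CVE-2025-22467": "22.7R2.6",
    },
    "IPS": {
        "CVE-2024-38657": "22.7R1.3",
        "CVE-2024-10644": "22.7R1.3",
    },
    "CSA": {
        "CVE-2024-47908": "5.0.5",
    },
}

# The one flaw the advisory says needs only an authenticated user, not admin.
NO_ADMIN_NEEDED = {"CVE-2025-22467"}


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '22.7R2.6' into (22, 7, 2, 6) and '5.0.5' into (5, 0, 5).

    The 'R' separator is treated as another dot so tuples compare
    lexicographically. Unrecognised strings (hotfix suffixes, build tags)
    raise instead of parsing loosely: a wrong parse here silently hides an
    unpatched box.
    """
    if not re.fullmatch(r"\d+(?:[.R]\d+)*", v):
        raise ValueError(f"unrecognised version string: {v!r}")
    return tuple(int(p) for p in v.replace("R", ".").split("."))


def is_before(running: str, fixed: str) -> bool:
    """True when the running version predates the first fixed version."""
    return parse_version(running) < parse_version(fixed)


def outstanding_cves(product: str, running: str) -> List[str]:
    """CVEs from the advisory the given appliance is still exposed to."""
    fixes = FIXES.get(product)
    if fixes is None:
        raise ValueError(f"unknown product {product!r}; expected one of {sorted(FIXES)}")
    return sorted(cve for cve, fixed in fixes.items() if is_before(running, fixed))


# Constructed inventory for the demonstration; these are not real hosts.
INVENTORY = [
    ("vpn-a.example.net", "ICS", "22.7R2.3"),
    ("vpn-b.example.net", "ICS", "22.7R2.5"),
    ("vpn-c.example.net", "ICS", "22.7R2.6"),
    ("nac-1.example.net", "IPS", "22.7R1.2"),
    ("csa-1.example.net", "CSA", "5.0.4"),
]


def triage(inventory) -> Dict[str, List[str]]:
    """Map each host to its outstanding CVEs, listing the flaw that needs no
    admin privileges first so the highest-priority patch is obvious."""
    report: Dict[str, List[str]] = {}
    for host, product, version in inventory:
        cves = outstanding_cves(product, version)
        report[host] = sorted(cves, key=lambda c: (c not in NO_ADMIN_NEEDED, c))
    return report


if __name__ == "__main__":
    for host, cves in triage(INVENTORY).items():
        print(f"{host}: {', '.join(cves) if cves else 'patched'}")
```

Feeding the constructed inventory through `triage` flags the ICS host on 22.7R2.5 as patched against the two admin-only flaws but still exposed to CVE-2025-22467, which is exactly the case a version list alone makes easy to miss.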

The company said it is not aware of any of the flaws being exploited in the wild. However, with Ivanti appliances being repeatedly weaponized by malicious actors, it is essential that users take steps to apply the latest patches.

Ivanti also acknowledged that its edge products have been "targeted and exploited by sophisticated threat actor attacks" and that it is making efforts to improve its software, implement secure-by-design principles, and raise the bar for potential abuse by adversaries.

"While these products are not the ultimate target, they are increasingly the route that well-resourced nation state groups are focusing their effort on to attempt espionage campaigns against extremely high-value organizations," Ivanti CSO Daniel Spicer said.

"We have enhanced internal scanning, manual exploitation and testing capabilities, increased collaboration and information sharing with the security ecosystem, and further enhanced our responsible disclosure process, including becoming a CVE Numbering Authority."

The development comes as Bishop Fox released full technical details of a now-patched security flaw in SonicWall SonicOS (CVE-2024-53704) that could be exploited to bypass authentication in firewalls and allow attackers to hijack active SSL VPN sessions in order to gain unauthorized access.

As of February 7, 2025, nearly 4,500 internet-facing SonicWall SSL VPN servers remain unpatched against CVE-2024-53704.

In a similar move, Akamai has published its discovery of two vulnerabilities in Fortinet FortiOS (CVE-2024-46666 and CVE-2024-46668) that an unauthenticated attacker can exploit to achieve denial-of-service (DoS) and remote code execution. The flaws were resolved by Fortinet on January 14, 2025.

Fortinet has since also revised its advisory for CVE-2024-55591 to highlight another flaw tracked as CVE-2025-24472 (CVSS score: 8.1) that could result in an authentication bypass in FortiOS and FortiProxy devices via a specially crafted CSF proxy request.

The company credited watchTowr Labs researcher Sonny Macdonald for discovering and reporting the flaw. It is worth noting that the vulnerability has already been patched alongside CVE-2024-55591, meaning no customer action is required if fixes for the latter have already been applied.
