Ivanti has launched safety updates to deal with a number of safety flaws impacting Join Safe (ICS), Coverage Safe (IPS), and Cloud Companies Software (CSA) that may very well be exploited to realize arbitrary code execution.
The record of vulnerabilities is under –
- CVE-2024-38657 (CVSS rating: 9.1) – Exterior management of a file title in Ivanti Join Safe earlier than model 22.7R2.4 and Ivanti Coverage Safe earlier than model 22.7R1.3 permits a distant authenticated attacker with admin privileges to put in writing arbitrary recordsdata
- CVE-2025-22467 (CVSS rating: 9.9) – A stack-based buffer overflow in Ivanti Join Safe earlier than model 22.7R2.6 permits a distant authenticated attacker to realize distant code execution
- CVE-2024-10644 (CVSS rating: 9.1) – Code injection in Ivanti Join Safe earlier than model 22.7R2.4 and Ivanti Coverage Safe earlier than model 22.7R1.3 permits a distant authenticated attacker with admin privileges to realize distant code execution
- CVE-2024-47908 (CVSS rating: 9.1) – Working system command injection within the admin internet console of Ivanti CSA earlier than model 5.0.5 permits a distant authenticated attacker with admin privileges to realize distant code execution
The shortcomings have been addressed within the under variations –
- Ivanti Join Safe 22.7R2.6
- Ivanti Coverage Safe 22.7R1.3
- Ivanti CSA 5.0.5
The corporate mentioned it isn’t conscious of any of the failings being exploited within the wild. Nonetheless, with Ivanti home equipment being repeatedly weaponized by malicious actors, it is crucial that customers take steps to use the newest patches.
Ivanti additionally acknowledged that its edge merchandise have been “focused and exploited by subtle menace actor assaults” and that it is making efforts to enhance its software program, implement secure-by-design rules, and lift the bar for potential abuse by adversaries.
“Whereas these merchandise are usually not the final word goal, they’re more and more the route that well-resourced nation state teams are focusing their effort on to aim espionage campaigns towards extraordinarily high-value organizations,” Ivanti CSO Daniel Spicer mentioned.
“We’ve enhanced inner scanning, guide exploitation and testing capabilities, elevated collaboration and knowledge sharing with the safety ecosystem, and additional enhanced our accountable disclosure course of, together with changing into a CVE Numbering Authority.”
The event comes as Bishop Fox launched full technical particulars of a now-patched safety flaw in SonicWall SonicOS (CVE-2024-53704) that may very well be exploited to bypass authentication in firewalls and permit attackers to hijack energetic SSL VPN periods so as to achieve unauthorized entry.
As of February 7, 2025, practically 4,500 internet-facing SonicWall SSL VPN servers stay unpatched towards CVE-2024-53704.
In an identical transfer, Akamai has revealed its discovery of two vulnerabilities in Fortinet FortiOS (CVE-2024-46666 and CVE-2024-46668) that an unauthenticated attacker can exploit to realize denial-of-service (DoS) and distant code execution. The issues had been resolved by Fortinet on January 14, 2025.
Fortinet has since additionally revised its advisory for CVE-2024-55591 to focus on one other flaw tracked as CVE-2025-24472 (CVSS rating: 8.1) that might end in an authentication bypass in FortiOS and FortiProxy gadgets by way of a specifically crafted CSF proxy request.
The corporate credited watchTowr Labs researcher Sonny Macdonald for locating and reporting the flaw. It is price noting that the vulnerability has already been patched alongside CVE-2024-55591, that means no buyer motion is required if fixes for the latter have already been utilized.