"Urgent: Mass-Exploited Ivanti VPN Flaw Requires Immediate Patching"
Originally Published 1 year ago — by The Hacker News
Ivanti has disclosed a high-severity security flaw, CVE-2024-22024, affecting its Connect Secure, Policy Secure, and ZTA gateway devices, allowing attackers to bypass authentication. The company has released patches for the affected versions and urges users to apply them promptly, emphasizing the importance of addressing multiple security weaknesses that have surfaced this year. While there is no evidence of active exploitation, users are advised to take swift action due to the potential for broad abuse of these vulnerabilities.