WARNING: IVANTI PATCHED MULTIPLE VULNERABILITIES IN SEVERAL PRODUCTS, PATCH IMMEDIATELY!

Image
Decorative image
Published : 13/02/2025

Reference:
Advisory #2025-33

Version:
1.0

Affected software:
Ivanti Cloud Service Application
Ivanti Connect Secure, Policy Secure and Secure Access Client
Ivanti Neurons for MDM

Type:
Several types, including Remote Code Execution and Path traversal

CVE/CVSS:
CVE-2025-22467
CVSS 9.9 (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)CVE-2024-38657
CVSS 9.1 (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H    )CVE-2024-10644
CVSS 9.1 (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H    )CVE-2024-47908
CVSS 9.1 (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)

Sources

Risks

Ivanti released its February security update, containing fixes for Ivanti Cloud Service Application, Ivanti Neurons for MDM, Ivanti Connect Secure, Policy Secure and Secure Access Client. Some vulnerability can lead to Remote Code Execution. Ivanti is not aware of any vulnerabilities exploited in the wild.

Description

Ivanti Cloud Service Application

Ivanti has released updates for Ivanti Cloud Services Application (CSA) which addresses critical and medium severity vulnerabilities. Successful exploitation of CVE-2024-47908 could allow a remote authenticated attacker to achieve remote code execution and CVE-2024-11771 could allow a remote unauthenticated attacker to access restricted functionality. 

Vulnerabilities:

  • CVE-2024-47908 - CVSS 9.1 (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
  • CVE-2024-11771 - CVSS 5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)


Ivanti Neurons for MDM

Ivanti fixed one vulnerability in Ivanti Neurons for MDM. This vulnerability could allow a remote authenticated attack to access limited functionality without proper authorization.

Ivanti Connect Secure, Policy Secure and Secure Access Client

Ivanti fixed 8 vulnerabilities in Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS) and Ivanti Secure Access Client (ISAC). Three vulnerabilities have a CVSS score higher than 9. CVE-2025-22467 – 9.9, could allow a remote authenticated attacker to achieve remote code execution. CVE-2024-38657 - CVSS 9.1, could allow a remote authenticated attacker with admin privileges to write arbitrary files. CVE-2024-10644 could allow a remote authenticated attacker with admin privileges to achieve remote code execution.

Vulnerabilities:

  • CVE-2024-38657 - CVSS 9.1 (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
  • CVE-2025-22467 - CVSS 9.9 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
  • CVE-2024-10644 - CVSS 9.1 (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)             
  • CVE-2024-12058 - CVSS 6.8 (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)             
  • CVE-2024-13830 - CVSS 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N )
  • CVE-2024-13842 - CVSS 6.0 (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)              
  • CVE-2024-13843 - CVSS 6.0 (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)              
  • CVE-2024-13813 - CVSS 7.1 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H )

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Monitor/Detect

The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References