April 4, 2024, 7:10 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

Ivanti has released fixes for four vulnerabilities in its Connect Secure and Policy Secure products, all of which are exploitable remotely without authentication, and one of which can lead to arbitrary code execution.


The most serious of the vulnerabilities is a heap buffer overflow (CVE-2024-21894) in the IPSec implementation in Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS), which can allow a remote unauthenticated attacker to execute arbitrary code in some circumstances. That flaw, like the other three that …

