
Ukraine Targets Outdated Military Equipment in Ongoing Conflict
Section: Politics
Ivanti has issued a warning regarding several critical security vulnerabilities identified in its VPN software, including Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Secure Access Client (ISAC), as well as in Ivanti Cloud Services Application (CSA). These vulnerabilities could potentially allow attackers to inject malicious code.
According to Ivanti's security advisory, the most severe of these vulnerabilities is a stack-based buffer overflow that enables authenticated users to execute arbitrary code remotely (CVE-2025-22467, CVSS score 9.9, rated as 'critical'). Although details on how malicious actors may exploit this vulnerability have not been disclosed, the implications are significant.
Additionally, authenticated users with administrative privileges can manipulate externally controlled file names to write arbitrary files (CVE-2024-38657, CVSS score 9.1, critical). There are also reports of another critical vulnerability allowing attackers to inject code through unspecified methods (CVE-2024-10644, CVSS score 9.1, critical).
Other vulnerabilities detailed in the advisory include CVE-2024-13813 (CVSS score 7.1, high), CVE-2024-12058 (CVSS score 6.8, medium), and multiple others rated from medium to high risk. These vulnerabilities affect versions of Ivanti Connect Secure (ICS) prior to 22.7R2.6, Ivanti Policy Secure (IPS) before 22.7R1.3, and Ivanti Secure Access Client (ISAC) before 22.8R1.
Furthermore, Ivanti has identified a critical security flaw in the Cloud Services Application (CSA). Authenticated attackers with administrative access can execute operating system commands, enabling them to inject and run arbitrary malicious code (CVE-2024-47908, CVSS score 9.1, critical). Another vulnerability allows attackers to exploit a path traversal issue to gain access to restricted functions without prior authentication (CVE-2024-11771, CVSS score 5.3, medium). These vulnerabilities can be addressed with updates available for Ivanti CSA version 5.0.5.
While Ivanti has reported no known exploitations of these vulnerabilities in the wild, they urge IT administrators to prioritize the installation of the latest updates due to the severe nature of these threats.
Security vulnerabilities in Ivanti products have previously attracted attention from cybercriminals. For instance, in early January, attackers exploited a code injection vulnerability in Ivanti Connect Secure to compromise networks.
Section: Politics
Section: News
Section: News
Section: Health
Section: News
Section: News
Section: Travel
Section: News
Section: News
Section: Politics
Health Insurance in Germany is compulsory and sometimes complicated, not to mention expensive. As an expat, you are required to navigate this landscape within weeks of arriving, so check our FAQ on PKV. For our guide on resources and access to agents who can give you a competitive quote, try our PKV Cost comparison tool.
Germany is famous for its medical expertise and extensive number of hospitals and clinics. See this comprehensive directory of hospitals and clinics across the country, complete with links to their websites, addresses, contact info, and specializations/services.
Join us for an exciting theatrical experience on Saturday, May 10, 2025, from 19:30 to 22:00 at the Münchner Kammerspiele - Werkraum. This performance, directed by Melina Dressler, is a directorial exercise inspired by Heiner Müller's 'Quartett' and incorporates texts by Michel Foucault. The...
No comments yet. Be the first to comment!