Summary
Ivanti releases security updates that resolve 16 vulnerabilities, 6 of which have ‘critical’ severity, in the Avalanche, Neurons for ITSM, Connect Secure, Secure Access Client and Endpoint Manager products.
Notes (updated 13/06/2024): A Proof of Concept (PoC) for the exploitation of vulnerability CVE-2024-29824 is available on the network.
Risk
Estimated impact of the vulnerability on the target community: Serious/RED (78.97/100)1. (updated 13/06/2024)
Type
- Arbitrary Code Execution
- Data Manipulation
- Arbitrary File Write
Affected Products and Versions
- Ivanti
- Avalanche
- Neurons for ITSM
- Connect Secure
- Secure Access Client
- Endpoint Manager (EPM)
Mitigation actions
It is recommended that affected products be updated to the latest available version by following the instructions in the security bulletins, available in the References section.
Unique vulnerability identifiers
References
https://forums.ivanti.com/s/article/Security-Advisory-May-2024
1This estimate is made taking into account several parameters, including: CVSS, availability of patches/workarounds and PoCs, prevalence of affected software/devices in the relevant community.
