CISA Known Exploited Vulnerability (KEV)
Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability
January 10, 2024
January 22, 2024
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Description
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
References
Weakness Enumeration
CWE-ID | CWE Name |
---|---|
CWE-287 |
Improper Authentication |