Ivanti has released crucial security updates addressing several high-risk vulnerabilities in its Connect Secure, Policy Secure, and Cloud Services Application products. Notably, these flaws could allow attackers to execute arbitrary code, with CVSS scores as high as 9.9. Although Ivanti has not detected any exploitation of these vulnerabilities in the wild, the company emphasizes the importance of users applying patches promptly as their products have been targeted by sophisticated threat actors. The company is also working to improve software defenses and implement secure-by-design principles.
Ivanti acknowledges its edge products are increasingly targeted by sophisticated threats, emphasizing it's crucial for users to apply the latest security updates to mitigate potential exploits.
The vulnerabilities affect Ivanti’s Connect Secure, Policy Secure, and CSA, allowing remote code execution if left unaddressed, with versions needing immediate upgrades to avoid risks.
Collection
[
|
...
]