Ivanti Connect Secure, Policy Secure, ZTA Gateway, and Neurons for Secure Access Denial-of-Service Vulnerability

A vulnerability allowing denial-of-service conditions has been identified in multiple Ivanti products, including Connect Secure versions prior to 22.7R2.8 or 22.8R2, Policy Secure versions prior to 22.7R1.5, ZTA Gateway versions prior to 22.8R2.3-723, and Neurons for Secure Access versions prior to 22.8R1.4. This vulnerability allows remote authenticated attackers with admin privileges to disrupt service.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing affected services to become unavailable or unresponsive.

Remediation

Users of Ivanti Connect Secure should update to version 22.7R2.8 or 22.8R2. Users of Ivanti Policy Secure should update to version 22.7R1.5. For Ivanti ZTA Gateway, version 22.8R2.3-723 is available for download. Neurons for Secure Access customers do not need to take any action, as the fix has been applied to cloud environments.