Markus Feilner

Ivanti Connect Secure VPN: Greenbone protects against Zero Day


A series of flaws in Ivanti’s Connect Secure VPN is being actively exploited by attackers. Both the German BSI and the US government’s Cybersecurity and Infrastructure Security Agency (CISA) have issued warnings. CISA has even issued an Emergency Directive ordering all Federal Civilian Executive Branch (FCEB) agencies to apply patches immediately.

Thousands of publicly accessible Ivanti systems worldwide are at risk, many of them located in Germany, and the flaws are being actively exploited. Because Ivanti’s devices have been included in Greenbone’s vulnerability tests in the Enterprise Feed for several years, we were able to warn our customers as early as January 10 and have been continuously building tests for the most recent vulnerabilities. Nevertheless, Ivanti customers need to be alert and take action: the patches from Ivanti require a factory reset of the devices.

Remote Code Execution and Authentication Bypass

Since December, the American security expert Volexity has found two serious security vulnerabilities (CVE-2023-46805 and CVE-2024-21887, both published on January 12, 2024) in devices running Ivanti Connect Secure VPN. Affected products included Ivanti Connect Secure (formerly Ivanti Pulse Secure), Ivanti Policy Secure and Ivanti Neurons for Zero Trust Access (ZTA).

According to Ivanti’s official statement, the vulnerabilities allowed remote attackers to bypass authentication mechanisms, execute their own code without authorization and take control of systems. The manufacturer urgently advises its customers to implement the workarounds and continues to post updates in an article in the forum.

Patches were shipped at the end of January, and they also included fixes for three other severe vulnerabilities that Ivanti had to warn about in late January and early February (CVE-2024-21893, CVE-2024-21888 and CVE-2024-22024). These three high-risk security issues comprise server-side request forgery, privilege escalation and an XML external entity (XXE) vulnerability.

According to the vendor, security patches for all flaws were delivered on February 1. Users who applied the February patch and performed a factory reset should not need another one now.

Greenbone customers have been warned, but administrators need to take action

Due to the widespread use of Ivanti devices in Germany, Greenbone has been including tests for Ivanti Connect Secure for several years. While other available tests only check the version numbers of the software used, Greenbone’s vulnerability checks use extended functions and thus achieve a significantly higher level of accuracy in reporting.

However, even though our products warn Greenbone customers faster and more accurately about potential vulnerabilities in Ivanti devices, users still need to take action and apply all the measures recommended by the manufacturer. For example, it is quite possible that attackers had already exploited the vulnerability before it was published. Therefore, all customers must use the Integrity Checker provided by Ivanti to ensure the integrity of their installation.

The five security vulnerabilities in Ivanti VPN Gateway appliances according to NIST:

  • CVE-2023-46805 (CVSS 8.2 High): The authentication bypass vulnerability [CWE-287] in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows an attacker to access restricted resources by bypassing control checks.
  • CVE-2024-21887 (CVSS 9.1 High): The command injection vulnerability [CWE-77] in the web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows administrators to send specially crafted requests and execute arbitrary commands on the appliance.
  • CVE-2024-21893 (CVSS 8.2 High): A server-side request forgery vulnerability [CWE-918] in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.
  • CVE-2024-21888 (CVSS 8.8 High): A privilege escalation vulnerability [CWE-265] in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to administrator level.
  • CVE-2024-22024 (CVSS 8.3 High): An XML external entity (XXE) vulnerability [CWE-643] in the SAML components of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways allows an attacker to access certain restricted resources without authentication.

Immediate Actions

The patches were initially released on January 22. Until users can download and install the official patches from Ivanti, they should follow these steps:

  • Download the current Mitigation Release from Ivanti’s official Mitigation Advisory.
  • Follow the instructions to ensure a correct import, and reset the device to factory defaults when told to.
  • Download and run Ivanti’s External Integrity Checker Tool.


Markus Feilner

Markus Feilner is a consultant for IT security, digital sovereignty and open source strategies from Regensburg. He has been working with Linux since 1994. He has been writing studies, articles and blog posts for Greenbone since 2021.


14. February 2024/by Markus Feilner