Ivanti Connect Secure and Ivanti Policy Secure Gateway Vulnerabilities
Advisory ID
WGSA-2024-00004
CVE
CVE-2023-46805, CVE-2024-21887, CVE-2024-21888, CVE-2024-21893
Impact
Critical
Status
Not Applicable
Product Family
Firebox
Published Date
Updated Date
Workaround Available
True
Summary
On January 10th, Ivanti disclosed an authentication bypass and a command injection vulnerability affecting their Connect Secure and Policy Secure Gateway appliances. These vulnerabilities could allow an unauthenticated attacker to potentially execute arbitrary commands on vulnerable devices.
Affected
No WatchGuard products or services are affected by these vulnerabilities
Resolution
No resolution required
Workaround
No workaround required
Advisory Product List
| Product Family | Product Branch | Product List |
|---|---|---|
Firebox
|
Fireware OS 12.x | T20, T25, T40, T45, T55, T70, T80, T85, M270, M290, M370, M390, M470, M570, M590, M670, M690, M440, M4600, M4800, M5600, M5800, Firebox Cloud, Firebox NV5, FireboxV |
Firebox
|
Fireware OS 12.5.x | T15, T35 |