Security updates for Ivanti Connect Secure and Ivanti Policy Secure
At Ivanti, we are committed to delivering innovative, high-quality and secure solutions for our customers. We continue to invest significant resources to ensure that all our solutions continue to meet our own high standards. In the best interests of our customers, we are always investigating, assessing, monitoring and validating the security posture of our solutions. We collaborate with the broader security ecosystem to share intelligence and appreciate when we are made aware of issues via responsible disclosure from reputable sources.
As part of our ongoing strengthening of the security of our products we have discovered and fixed vulnerabilities in Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) solutions as part of our normal quarterly release. We are reporting the Ivanti Connect Secure issues as CVE-2023-39340, CVE-2023-41719 and CVE-2023-41720, and Ivanti Policy Secure issue as CVE-2023-39339.
We encourage customers to download the latest releases of ICS and IPS to remediate the issues. The releases are available now in our Download Center (SSO login required).
More information on the CVEs and detailed instructions on how to remediate the vulnerability can be found in these Security Advisories:
We have no evidence of any customers having been impacted by any of the vulnerabilities at this time.
Our Support team is always here to help our customers and partners should they have any questions. Cases can be logged via the Success portal (login credentials required).
Ivanti would like to thank Jérôme Mampianinazakason of Synacktiv (https://www.synacktiv.com) for his assistance and cooperation in the discovery of and responsible disclosure of CVE-2023-41719 and CVE-2023-41720.
Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.