Ivanti Connect Secure and Ivanti Policy Secure Gateway Vulnerabilities
Advisory ID
WGSA-2024-00004
CVE
CVE-2023-46805, CVE-2024-21887, CVE-2024-21888, CVE-2024-21893
Impact
Critical
Status
Not Applicable
Product Family
Firebox,
Endpoint
Published Date
Updated Date
Workaround Available
True
Summary
On January 10th, Ivanti disclosed an authentication bypass and a command injection vulnerability affecting their Connect Secure and Policy Secure Gateway appliances. These vulnerabilities could allow an unauthenticated attacker to potentially execute arbitrary commands on vulnerable devices.
Affected
No WatchGuard products or services are affected by these vulnerabilities
Resolution
No resolution required
Workaround
No workaround required
Advisory Product List
Product Family
Product Branch
Product List
Firebox
Firebox T (2nd Gen)
T15,
T15-W,
T35,
T35-W,
T35-R,
T55,
T55-W,
T70
Firebox
Firebox T (3rd Gen)
T20,
T20-W,
T40,
T40-W,
T80
Firebox
Firebox T (1st Gen)
T10,
T10-W,
T10-D,
T30,
T30-W,
T50,
T50-W
Firebox
XTM 8 Series (2nd Gen)
XTM850,
XTM860,
XTM870,
XTM870-F
Firebox
Firebox M (1st Gen)
M200,
M300,
M400,
M440,
M500
Firebox
XTM 1500 and 2520
XTM1520-RP,
XTM1525-RP,
XTM2520
Firebox
Firebox M (2nd Gen)
M270,
M370,
M470,
M570,
M670
Firebox
Firebox M (3rd Gen)
M290,
M390,
M590,
M690,
M4800,
M5800
Firebox
XTMv
Small,
Medium,
Large,
Datacenter
Firebox
FireboxV
Small,
Medium,
Large,
XLarge
Firebox
FireboxCloud
Small,
Medium,
Large,
XLarge
Firebox
Firebox T (4th Gen)
NV5,
T25,
T45,
T85
Endpoint
Panda Dome
Essential,
Advanced,
Complete,
Premium
Endpoint
Panda AD360
AD360
Endpoint
WatchGuard EPDR
EPP,
EDR,
EPDR