CISA Adds Ivanti Connect, Policy, and ZTA Gateways Flaws to Known Exploited Vulnerabilities Catalog

Monday 7th of April 2025 19:39:30

The United States Cybersecurity and Infrastructure Security Agency (CISA) has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including a flaw in Ivanti Connect, Secure Policy, and ZT Gateways.

The Ivanti Connect vulnerability, tracked as CVE-2022-26148, is a remote code execution flaw that affects Ivanti Connect versions 2022.1 and earlier. An attacker could exploit this vulnerability to execute arbitrary code on the affected system, potentially leading to a complete takeover.

The Secure Policy vulnerability, tracked as CVE-2022-26149, is a denial-of-service (DoS) flaw that affects Ivanti Secure Policy versions 2022.1 and earlier. An attacker could exploit this vulnerability to crash the affected system, potentially leading to a denial-of-service condition.

The ZT Gateways vulnerability, tracked as CVE-2022-26150, is a command injection flaw that affects ZT Gateways versions 2022.1 and earlier. An attacker could exploit this vulnerability to inject arbitrary commands on the affected system, potentially leading to a complete takeover.

CISA added these vulnerabilities to its KEV catalog because they have been actively exploited in the wild. The KEV catalog is a list of vulnerabilities that have been exploited by attackers and are considered to be a significant risk to the security of federal agencies and other organizations.

Organizations that have not already patched these vulnerabilities are strongly encouraged to do so as soon as possible. CISA also recommends compensating controls, such as monitoring for suspicious activity and segmenting the network, to mitigate the risk of exploitation.

The addition of these vulnerabilities to the KEV catalog is a reminder of the importance of keeping software up to date and implementing robust security measures to prevent exploitation.