Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2024-37404 — Ivanti Connect Secure vulnerability

5 documents5 sources

Severity

8.8HIGHNVD

EPSS

84.1%

top 0.69%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Ivanti Connect Secure Ivanti Policy Secure

Timeline

PublishedOct 18

Latest updateOct 19

Description

Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1 allows a remote authenticated attacker to achieve remote code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5ivanti/policy_secure22.7R1.1 — 22.7R1.1

▶NVDivanti/policy_secure< 22.7+1

▶CVEListV5ivanti/connect_secure22.7R2.1 — 22.7R2.1+1

▶NVDivanti/connect_secure22.3 — 22.7+3

Patches

Patch: forums.ivanti.com ↗

🔴Vulnerability Details

GHSA

GHSA-wh9v-jwf3-x8xj: Improper Input Validation in the admin portal of Ivanti Connect Secure before 22↗2024-10-19

▶

CVEList

CVE-2024-37404: Improper Input Validation in the admin portal of Ivanti Connect Secure before 22↗2024-10-18

▶

💥Exploits & PoCs

Metasploit

Ivanti Connect Secure Authenticated Remote Code Execution via OpenSSL CRLF Injection↗

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS Ivanti Connect Secure CRLF Injection Remote Code Execution Attempt (CVE-2024-37404)↗2024-10-09

▶