cbcvebase.
CVE-2024-39709
published 2024-11-13


Priority P339 | high | 7.8 | CVSS 3.1
AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.30% (21.4th percentile)
Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1 (Not Applicable to 9.1Rx) allow a local authenticated attacker to escalate their privileges.

Affected

10 ranges
Vendor | Product | Version range | Fixed in
ivanti | connect_secure | < 9.1 | 9.1
ivanti | connect_secure | |
ivanti | connect_secure | |
ivanti | connect_secure | >= 21.9 < 22.6 | 22.6
ivanti | connect_secure | >= 22.6R2 < 22.6R2 | 22.6R2
ivanti | policy_secure | < 9.1 | 9.1
ivanti | policy_secure | |
ivanti | policy_secure | |
ivanti | policy_secure | >= 22.1 < 22.7 | 22.7
ivanti | policy_secure | >= 22.7R1 < 22.7R1 | 22.7R1

CVSS provenance

nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd | v3.0 | 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H