CVE-2024-39712Argument Injection in Ivanti Connect Secure

CWE-88Argument Injection3 documents3 sources
Severity
9.1CRITICALNVD
EPSS
9.7%
top 7.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Ivanti Connect SecureIvanti Policy Secure
Timeline
PublishedNov 13

Description

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 2.3 | Impact: 6.0

Affected Packages4 packages

CVEListV5ivanti/policy_secure22.7R1.122.7R1.1
NVDivanti/policy_secure< 22.7+1
CVEListV5ivanti/connect_secure22.7R2.122.7R2.1+1
NVDivanti/connect_secure< 22.7+1

🔴Vulnerability Details

2
CVEList
CVE-2024-39712: Argument injection in Ivanti Connect Secure before version 222024-11-13
GHSA
GHSA-2q9p-fqxr-c55c: Argument injection in Ivanti Connect Secure before version 222024-11-13
CVE-2024-39712 — Argument Injection in Ivanti | cvebase