CVE-2024-47906
Published 2024-11-12
Priority P3 · 40 · high · 7.8 CVSS 3.1
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS 0.22% · 12.7th percentile
Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | connect_secure | < 9.1 | 9.1 |
| ivanti | connect_secure | < 22.7 | 22.7 |
| ivanti | connect_secure | — | — |
| ivanti | connect_secure | 22.4R2 – 22.7R2.2 | — |
| ivanti | policy_secure | < 9.1 | 9.1 |
| ivanti | policy_secure | < 22.7 | 22.7 |
| ivanti | policy_secure | — | — |
Ivanti
Ivanti Security Advisory: CVE-2024-47906
vendor_ivanti·2024-11-12·CVSS 7.8
Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges.
CVE IDs: CVE-2024-47906
CVSS Base Score: 7.8
Severity: HIGH
CWEs: CWE-267, CWE-426
GHSA
GHSA-wp5x-8wxv-j7j2: Excessive binary privileges in Ivanti Connect Secure which affects versions 22
ghsa_unreviewed·2024-11-12
Excessive binary privileges in Ivanti Connect Secure which affects versions 22.4R2 through 22.7R2.2 inclusive within the R2 release line and Ivanti Policy Secure before version 22.7R1.2 allow a local authenticated attacker to escalate privileges.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.