CVE-2024-9420
published 2024-11-12


Priority: P2 58
Severity: high
CVSS 3.1 base score: 8.8
CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.44% (69.8th percentile)
A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution

Affected

6 ranges

Vendor    Product          Version range      Fixed in
ivanti    connect_secure   < 9.1              9.1
ivanti    connect_secure
ivanti    connect_secure
ivanti    connect_secure   >= 21.9 < 22.7     22.7
ivanti    policy_secure    < 22.7             22.7
ivanti    policy_secure

Detection & IOCs (extracted from sources)

  • Vulnerability class is use-after-free (CWE-416) in Ivanti Connect Secure and Ivanti Policy Secure; monitor for remote authenticated sessions triggering memory corruption or unexpected RCE activity on these appliances
  • Affected versions of Ivanti Connect Secure are before 22.7R2.3 and before 9.1R18.9; affected versions of Ivanti Policy Secure are before 22.7R1.2; ensure detection and patching target these specific version ranges
  • Exploitation requires remote authenticated access; detection should focus on authenticated sessions, not unauthenticated traffic