CVE-2024-9420
Published 2024-11-12

Priority: P2 58 · CVSS 3.1: 8.8 (High)

CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 1.44% (69.8th percentile)
A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution.

Affected (6 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | connect_secure | < 9.1 | 9.1 |
| ivanti | connect_secure | — | — |
| ivanti | connect_secure | — | — |
| ivanti | connect_secure | >= 21.9 < 22.7 | 22.7 |
| ivanti | policy_secure | < 22.7 | 22.7 |
| ivanti | policy_secure | — | — |
Detection & IOCs (extracted from sources)
- Vulnerability class is use-after-free (CWE-416) in Ivanti Connect Secure and Ivanti Policy Secure; monitor for remote authenticated sessions triggering memory corruption or unexpected RCE activity on these appliances
- Affected versions of Ivanti Connect Secure are before 22.7R2.3 and before 9.1R18.9; affected versions of Ivanti Policy Secure are before 22.7R1.2 — ensure detection and patching target these specific version ranges
- Exploitation requires remote authenticated access — detection should focus on authenticated sessions, not unauthenticated traffic
GHSA
GHSA-q8fc-2r64-8hq5 (ghsa, unreviewed · 2024-11-12) · CVE-2024-9420 · HIGH · CWE-416
A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution.
Ivanti
Ivanti Security Advisory: CVE-2024-9420 (vendor: Ivanti · 2024-11-12 · CVSS 8.8) · HIGH · CWE-416
A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution.
CVE IDs: CVE-2024-9420
CVSS Base Score: 8.8
Severity: HIGH
CWEs: CWE-416
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.