Ivanti Policy Secure vulnerabilities

CVE-2024-47906 [HIGH] CWE-267 CVE-2024-47906: Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1R Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges.

CVE-2024-11007 [HIGH] CWE-78 CVE-2024-11007: Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Iva Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CVE-2024-11005 [HIGH] CWE-78 CVE-2024-11005: Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Iva Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CVE-2024-11006 [HIGH] CWE-78 CVE-2024-11006: Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Iva Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CVE-2024-9420 [HIGH] CWE-416 CVE-2024-9420: A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9 and Ivanti Policy S A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution

CVE-2024-11004 [MEDIUM] CWE-79 CVE-2024-11004: Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before versi Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.

CVE-2024-47909 [MEDIUM] CWE-121 CVE-2024-47909: A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Sec A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.

CVE-2024-47905 [MEDIUM] CWE-121 CVE-2024-47905: A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Sec A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.

CVE-2024-37404 [HIGH] CVE-2024-37404: Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1 allows a remote authenticated attacker to achieve remote code execution.

CVE-2024-29205 [HIGH] CWE-703 CVE-2024-29205: An Improper Check for Unusual or Exceptional Conditions vulnerability in the web component of Ivanti An Improper Check for Unusual or Exceptional Conditions vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a remote unauthenticated attacker to send specially crafted requests in-order-to cause service disruptions.

CVE-2024-21894 [CRITICAL] CWE-787 CVE-2024-21894: A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Pol A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack. In certain conditions this may lead to execution of arbitrary code

CVE-2024-22053 [HIGH] CWE-787 CVE-2024-22053: A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x 22.x) and Ivanti Pol A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack or in certain conditions read contents from memory.

CVE-2024-22052 [HIGH] CWE-476 CVE-2024-22052: A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack

CVE-2024-22023 [MEDIUM] CWE-476 CVE-2024-22023: An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in-order-to temporarily cause resource exhaustion thereby resulting in a limited-time DoS.

CVE-2024-22024 [HIGH] CWE-611 CVE-2024-22024: An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22. An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.

CVE-2024-21893 [HIGH] CWE-918 CVE-2024-21893: A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22. A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.

CVE-2024-21888 [HIGH] CWE-269 CVE-2024-21888: A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivant A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator.

CVE-2024-21887 [CRITICAL] CWE-77 CVE-2024-21887: A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

CVE-2023-46805 [HIGH] CWE-287 CVE-2023-46805: An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Polic An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.

CVE-2022-35254 [HIGH] CWE-416 CVE-2022-35254: An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.