Cleartext Data Exposure in Ivanti Connect Secure and Policy Secure
CVE-2024-13843

4.4MEDIUM

Key Information:

Vendor: Ivanti
Status: Connect Secure; Policy Secure
Vendor: CVE Published:; 11 February 2025

Summary

This vulnerability involves the cleartext storage of sensitive data in Ivanti Connect Secure and Ivanti Policy Secure, allowing local authenticated attackers with admin privileges to read this information. Versions prior to 22.7R2.6 for Connect Secure and 22.7R1.3 for Policy Secure are impacted, exposing user data to potential compromise. It is crucial for organizations using these products to assess their systems and implement updates to mitigate this risk.

Affected Version(s)

Connect Secure 22.7R2.6

Policy Secure 22.7R1.3

References

https://forums.ivanti.com/s/article/February-Security-Adv...

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 11, 2025
Vulnerability Reserved
Feb 6, 2025