Privilege Escalation Vulnerability Affects Ivanti Connect Secure and Policy Secure
CVE-2024-21888
Key Information:
Summary
A vulnerability in the web components of Ivanti Connect Secure and Ivanti Policy Secure allows an authenticated user to escalate their privileges to those of an administrator. This could lead to unauthorized access to sensitive functions and data, significantly compromising the security of affected systems. Users of the specified versions should apply available security patches and follow best practices for securing their installations.
Affected Version(s)
ICS 9.1R18
ICS 22.6R2
IPS 9.1R18
News Articles
Two new Ivanti bugs discovered as CISA warns of hackers bypassing mitigations
IT company Ivanti said this week that it discovered two new vulnerabilities affecting its products while investigating bugs discovered earlier in the month.
11 months ago
Two New Zero-Day Flaws Disclosed in Ivanti Products, One Under Active Exploitation - Cyber Kendra
11 months ago
Ivanti Rolls Out Patches For Exploited Connect Secure Flaws
Ivanti has rolled out its first round of patches for two existing - and two newly discovered - vulnerabilities in its Ivanti Connect Secure VPN and Ivanti Policy Secure appliances.
11 months ago
References
CVSS V3.1
Timeline
- Used in Ransomware
- Exploit known to exist
- First article discovered by Dark Reading
Vulnerability published
Vulnerability Reserved