Remote Code Execution Vulnerability Affects Ivanti Connect Secure and Policy Secure
CVE-2024-38656

Currently unrated

Key Information:

Vendor

Ivanti
Status
Connect Secure
Policy Secure
Vendor
CVE Published:
13 November 2024

What is CVE-2024-38656?

Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

References

https://forums.ivanti.com/s/article/Security-Advisory-Iva...

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

.