File Write Vulnerability in Ivanti Connect Secure and Policy Secure Products
CVE-2024-38657

9.1CRITICAL

Key Information:

Vendor: Ivanti
Status: Connect Secure; Policy Secure
Vendor: CVE Published:; 21 February 2025

What is CVE-2024-38657?

This vulnerability allows an authenticated remote attacker with admin privileges to exploit flaws in Ivanti Connect Secure and Policy Secure. Specifically, it permits the attacker to control file names, enabling arbitrary file writing on the systems. Versions earlier than 22.7R2.4 for Connect Secure and 22.7R1.3 for Policy Secure are particularly vulnerable, presenting significant security risks that could lead to unauthorized data access and manipulation.

Affected Version(s)

Connect Secure 22.7R2.4

Policy Secure 22.7R1.3

References

https://forums.ivanti.com/s/article/February-Security-Adv...

CVSS V3.0

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 21, 2025
Vulnerability Reserved
Jun 19, 2024