File Write Vulnerability in Ivanti Connect Secure and Policy Secure Products
CVE-2024-38657
9.1CRITICAL
What is CVE-2024-38657?
This vulnerability allows an authenticated remote attacker with admin privileges to exploit flaws in Ivanti Connect Secure and Policy Secure. Specifically, it permits the attacker to control file names, enabling arbitrary file writing on the systems. Versions earlier than 22.7R2.4 for Connect Secure and 22.7R1.3 for Policy Secure are particularly vulnerable, presenting significant security risks that could lead to unauthorized data access and manipulation.
Affected Version(s)
Connect Secure 22.7R2.4
Policy Secure 22.7R1.3