Local Authenticated Attacker Can Escalate Privileges via Incorrect File Permissions
CVE-2024-39709

Currently unrated

Key Information:

Vendor

Ivanti
Status
Connect Secure
Policy Secure
Vendor
CVE Published:
13 November 2024

What is CVE-2024-39709?

Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1 (Not Applicable to 9.1Rx) allow a local authenticated attacker to escalate their privileges.

References

https://forums.ivanti.com/s/article/Security-Advisory-Iva...

Timeline

  • Vulnerability published

.