Security Flaw in Ivanti Connect Secure and Ivanti Policy Secure
CVE-2024-47906

7.8HIGH

Key Information:

Vendor: Ivanti
Status: Connect Secure; Policy Secure
Vendor: CVE Published:; 12 November 2024

Summary

A vulnerability exists in Ivanti Connect Secure and Ivanti Policy Secure that enables a local authenticated attacker to escalate privileges due to excessive binary privileges. This issue impacts versions prior to Ivanti Connect Secure 22.7R2.3 and Ivanti Policy Secure 22.7R1.2, with the exception of version 9.1Rx. Organizations using these affected versions may be at risk, as the flaw could allow an attacker with local access to gain elevated privileges within the affected systems, potentially compromising sensitive data and access controls.

Affected Version(s)

Connect Secure 22.4R2 <= 22.7R2.2

Policy Secure 22.7R1.2

Connect Secure 22.7R2.3

References

https://forums.ivanti.com/s/article/Security-Advisory-Iva...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2024