Security Advisory 2024-110

Release Date:

Critical Vulnerability in Ivanti Products

History:

  • 15/10/2024 - v1.0 - Initial publication

Summary

On October 8, 2024, Ivanti addressed a critical vulnerability in Ivanti Connect Secure and Ivanti Policy Secure [1].

Technical Details

The vulnerability CVE-2024-37404, with a CVSS score of 9.1, is an improper input validation flaw in the admin portal that allows a remote authenticated attacker to achieve remote code execution.

Affected Products

  • Ivanti Connect Secure: All versions before 22.7R2.1
  • Ivanti Connect Secure: All versions before 9.1R18.9
  • Ivanti Policy Secure: All versions before 22.7R1.1

Recommendations

CERT-EU strongly recommends updating affected devices as soon as possible [1].

References

[1] https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-and-Policy-Secure-CVE-2024-37404
