PT-2025-6237 · Ivanti · Ivanti Connect Secure+1

Publicado

2025-02-11

Atualizado

2025-07-14

CVE-2024-10644

CVSS v3.1

9.1

Crítica

Vetor

AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Ivanti Connect Secure versions prior to 22.7R2.4 Ivanti Policy Secure versions prior to 22.7R1.3

Description A code injection issue exists in Ivanti Connect Secure and Ivanti Policy Secure. A remote authenticated attacker with administrative privileges can achieve remote code execution.

Recommendations Ivanti Connect Secure versions prior to 22.7R2.4 should be updated to version 22.7R2.4 or later. Ivanti Policy Secure versions prior to 22.7R1.3 should be updated to version 22.7R1.3 or later.

Correção

RCE

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2024-10644

Produtos afetados

Ivanti Connect Secure

Ivanti Policy Secure

PT-2025-6237 · Ivanti · Ivanti Connect Secure+1

CVE-2024-10644

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 16