PT-2024-1468 · Ivanti · Ivanti Policy Secure+1
Published: 2024-01-22 · Updated: 2025-01-09
CVE-2024-21888
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Ivanti Connect Secure versions 9.x through 22.x
Ivanti Policy Secure versions 9.x through 22.x
Description
A privilege escalation vulnerability in the web component of Ivanti Connect Secure and Ivanti Policy Secure allows a user to elevate privileges to that of an administrator. The issue is related to insufficient access control. An attacker can exploit this vulnerability to gain administrator privileges. There is evidence that this vulnerability is being exploited in the wild.
Recommendations
For Ivanti Connect Secure versions 9.x through 22.x, update to a version that includes a fix for this vulnerability.
For Ivanti Policy Secure versions 9.x through 22.x, update to a version that includes a fix for this vulnerability.
As a temporary workaround, consider restricting access to the web component of Ivanti Connect Secure and Ivanti Policy Secure to minimize the risk of exploitation.
Exploit
Fix
Improper Privilege Management
SSRF
Related Identifiers
Affected Products
Ivanti Connect Secure
Ivanti Policy Secure