PT-2024-6774 · Ivanti · Ivanti Connect Secure

Published: 2024-10-08 · Updated: 2025-09-23 · CVE-2024-37404

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
- Ivanti Connect Secure versions prior to 22.7R2.1
- Ivanti Connect Secure version 9.1R18.9
- Ivanti Policy Secure versions prior to 22.7R1.1

Description
The issue stems from improper input validation in the admin portal and allows a remote, authenticated attacker to achieve remote code execution. The root cause is a lack of filtering that lets an authenticated administrator create a malicious certificate signing request (CSR), which is then used to load and execute binary code from a malicious log file upload. The vulnerability can be exploited by making a POST request containing a CRLF and an OpenSSL payload. It is estimated that over 1.2 million devices may be affected, and the issue has been actively exploited.

Recommendations
- For Ivanti Connect Secure versions prior to 22.7R2.1, update to version 22.7R2.1 or later.
- For Ivanti Connect Secure version 9.1R18.9, update to a version later than 9.1R18.9.
- For Ivanti Policy Secure versions prior to 22.7R1.1, update to version 22.7R1.1 or later.
As a temporary workaround, consider restricting access to the admin portal to minimize the risk of exploitation.

Related Identifiers

BDU:2024-07987
CVE-2024-37404

Affected Products

Ivanti Connect Secure
Ivanti Policy Secure
Openssl