fkie_cve-2024-9420
Vulnerability from fkie_nvd
Published
2024-11-12 16:15
Modified
2025-03-13 16:15
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9
and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3281AC31-EAEC-4C8D-A0AA-3CDD1092D3EE",
"versionEndExcluding": "9.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C616EB87-8CE7-44E1-92A7-E5ED6E8C414A",
"versionEndExcluding": "22.7",
"versionStartIncluding": "21.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:-:*:*:*:*:*:*",
"matchCriteriaId": "4F450898-0B06-4073-9B76-BF22F68BD14F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "4B21C181-DC49-4EBD-9932-DBB337151FF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r1.0:*:*:*:*:*:*",
"matchCriteriaId": "130C8955-BDA4-4518-8EBA-740EB08FC3E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r10:*:*:*:*:*:*",
"matchCriteriaId": "5A3A93FE-41BF-43F2-9EFC-89656182329F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r10.0:*:*:*:*:*:*",
"matchCriteriaId": "5AA4B39F-2FB9-4752-B1F1-18812B0990B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r10.2:*:*:*:*:*:*",
"matchCriteriaId": "232BAB6C-D318-4F80-8F49-4E700C21F535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11:*:*:*:*:*:*",
"matchCriteriaId": "8D5F47BA-DE6D-443D-95C3-A45F80EDC71E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.0:*:*:*:*:*:*",
"matchCriteriaId": "ABD840BF-944E-4F4C-96DC-0256286338F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.1:*:*:*:*:*:*",
"matchCriteriaId": "A1995F34-AE75-47C4-9A9D-DBB1D3E130E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.3:*:*:*:*:*:*",
"matchCriteriaId": "366EF5B8-0233-49B8-806A-E54F60410ADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.4:*:*:*:*:*:*",
"matchCriteriaId": "6F2A7F5C-1D78-4D19-B8ED-5822FDF5DA63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.5:*:*:*:*:*:*",
"matchCriteriaId": "2DDDA231-2A5E-4C70-8620-535C7F9027A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r12:*:*:*:*:*:*",
"matchCriteriaId": "32E0B425-A9BA-4D00-84A9-46268072D696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r12.1:*:*:*:*:*:*",
"matchCriteriaId": "BBC724E8-195B-4CB4-AC2A-63E184AED4F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r12.2:*:*:*:*:*:*",
"matchCriteriaId": "7162C24D-D181-49CC-B8C2-9EE3E0CDF846",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r13:*:*:*:*:*:*",
"matchCriteriaId": "65435A96-EF7A-439A-AA6C-CB7EAEF0A963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r13.1:*:*:*:*:*:*",
"matchCriteriaId": "3027A9CE-849E-4CAE-A1C4-170DEAF4FE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r14:*:*:*:*:*:*",
"matchCriteriaId": "C132BA26-BCA0-43E6-9511-34ACFFA136A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r14.4:*:*:*:*:*:*",
"matchCriteriaId": "06520C75-9326-4C21-8AD6-6DE1ED031959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r15:*:*:*:*:*:*",
"matchCriteriaId": "CE228FBD-5AD1-4BC6-AF63-5248E671B04F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r15.2:*:*:*:*:*:*",
"matchCriteriaId": "D7DBCD6B-B7AA-4AB0-852F-563A2EC85DB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r16:*:*:*:*:*:*",
"matchCriteriaId": "44C26423-8621-4F6D-A45B-0A6B6E873AB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r16.1:*:*:*:*:*:*",
"matchCriteriaId": "BC391EB5-C457-459C-8EAA-EA0043487C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r17:*:*:*:*:*:*",
"matchCriteriaId": "DB6CEA16-F422-48F1-9473-3931B1BFA63F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r17.1:*:*:*:*:*:*",
"matchCriteriaId": "E238AB9F-99C1-4F0D-B442-D390065D35D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r17.2:*:*:*:*:*:*",
"matchCriteriaId": "8971445A-D65F-4C0E-906F-7AC4953C5689",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r18:*:*:*:*:*:*",
"matchCriteriaId": "28FDE909-711C-41EC-8BA6-AC4DE05EA27E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r18.1:*:*:*:*:*:*",
"matchCriteriaId": "080CD832-3324-4158-A4CD-3A2E49B7BC74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r18.2:*:*:*:*:*:*",
"matchCriteriaId": "DB2B8165-E9D4-4549-B16E-A62810BDAF8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r18.3:*:*:*:*:*:*",
"matchCriteriaId": "014C7627-F211-48B1-80FA-3A7F608B4F23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r18.7:*:*:*:*:*:*",
"matchCriteriaId": "A5592C84-538C-47AB-8042-09B42D89BB0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r18.8:*:*:*:*:*:*",
"matchCriteriaId": "7DC6A046-F81C-4CBA-B06E-081AA550C91C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "4FEFC4B1-7350-46F9-80C1-42F5AE06142F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r2.0:*:*:*:*:*:*",
"matchCriteriaId": "4E2D041D-9BDD-416D-B658-1C517C854104",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "DB7A6D62-6576-4713-9BF4-11068A72E8B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r3.0:*:*:*:*:*:*",
"matchCriteriaId": "7155EB34-E8E0-49AF-BDA2-FB4BFA44662E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*",
"matchCriteriaId": "843BC1B9-50CC-4F8F-A454-A0CEC6E92290",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.0:*:*:*:*:*:*",
"matchCriteriaId": "25EE614A-5F32-4CA9-998A-4FAF16DC100C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*",
"matchCriteriaId": "D5355372-03EA-46D7-9104-A2785C29B664",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*",
"matchCriteriaId": "3DE32A0C-8944-4F51-A286-266055CA4B2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*",
"matchCriteriaId": "0349A0CC-A372-4E51-899E-D7BA67876F4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*",
"matchCriteriaId": "93D1A098-BD77-4A7B-9070-A764FB435981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r5.0:*:*:*:*:*:*",
"matchCriteriaId": "F49EE829-A2CD-491E-BFC3-7888491D7C58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*",
"matchCriteriaId": "3CCC2D7B-F835-45EC-A316-2F0C5F2CF565",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r6.0:*:*:*:*:*:*",
"matchCriteriaId": "2254DDF1-7FF3-49E1-8826-91F49A6794F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*",
"matchCriteriaId": "AD812596-C77C-4129-982F-C22A25B52126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r7.0:*:*:*:*:*:*",
"matchCriteriaId": "B8EA4DA8-CD09-41AC-ADCB-27CF771C016B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:*",
"matchCriteriaId": "9FA0B20D-3FA1-42AE-BDC5-93D8A182927C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8.0:*:*:*:*:*:*",
"matchCriteriaId": "4D6CECCB-18BA-4219-95A2-2525A2BDCE36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8.1:*:*:*:*:*:*",
"matchCriteriaId": "BFFA0B02-7F6D-4434-B1E7-EB8520FD68A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8.2:*:*:*:*:*:*",
"matchCriteriaId": "DFE8FA87-9622-4D5B-99C7-D8EE230C0AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8.4:*:*:*:*:*:*",
"matchCriteriaId": "07AB853D-5A3F-4142-8417-1C9FB729A89E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r9:*:*:*:*:*:*",
"matchCriteriaId": "16DAA769-8F0D-4C54-A8D9-9902995605B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r9.0:*:*:*:*:*:*",
"matchCriteriaId": "B7006C07-0E3F-4890-A1B3-533E10924D49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r9.1:*:*:*:*:*:*",
"matchCriteriaId": "B2C10C89-1DBC-4E91-BD28-D5097B589CA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r9.2:*:*:*:*:*:*",
"matchCriteriaId": "F54753D0-6275-4F82-B874-55438D2983B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:-:*:*:*:*:*:*",
"matchCriteriaId": "F788F6D9-5368-4B8E-BFA0-E8FB3CDADB01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1:*:*:*:*:*:*",
"matchCriteriaId": "2927A40D-E8A3-4DB6-9C93-04A6C6035C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.1:*:*:*:*:*:*",
"matchCriteriaId": "1399BBB4-E62B-4FF6-B9E3-6AAC68D4D583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.2:*:*:*:*:*:*",
"matchCriteriaId": "1EAD1423-4477-4C35-BF93-697A2C0697C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.3:*:*:*:*:*:*",
"matchCriteriaId": "858353BC-12CB-4014-BFCA-DA7B1B3DD4B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.4:*:*:*:*:*:*",
"matchCriteriaId": "865F72BF-57B2-4B0C-BACE-3500E0AE6751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.5:*:*:*:*:*:*",
"matchCriteriaId": "39E11407-E0C0-454F-B731-7DA4CBC696EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2:*:*:*:*:*:*",
"matchCriteriaId": "247E71F8-A03B-4097-B7BF-09F8BF3ED4D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.1:*:*:*:*:*:*",
"matchCriteriaId": "E0059C69-4A18-4153-9D9A-5C1B03AD1453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.2:*:*:*:*:*:*",
"matchCriteriaId": "FC523C88-115E-4CD9-A8CB-AE6E6610F7D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FAD0FC91-CA1E-4DC3-A37E-1BF98906D07C",
"versionEndExcluding": "22.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:-:*:*:*:*:*:*",
"matchCriteriaId": "1F22B988-2585-4853-9838-AB3746C8B888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:r1:*:*:*:*:*:*",
"matchCriteriaId": "FD9BE8C2-43EB-4870-A4B7-267CB17A19F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:r1.1:*:*:*:*:*:*",
"matchCriteriaId": "C8915BB2-C1C0-4189-A847-DDB2EF161D62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9\n\n and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution"
},
{
"lang": "es",
"value": "Use-after-free en Ivanti Connect Secure anterior a la versi\u00f3n 22.7R2.3 y en Ivanti Policy Secure anterior a la versi\u00f3n 22.7R1.2 permite que un atacante remoto autenticado logre la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"id": "CVE-2024-9420",
"lastModified": "2025-03-13T16:15:25.893",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-11-12T16:15:26.760",
"references": [
{
"source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs"
}
],
"sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…