CVE-2024-9420
HIGH EPSS 69.8%
Published Nov 12, 20241y ago · Modified Jun 17, 20261w ago
8.8 CVSS 3.1
Published Nov 12, 2024 1y ago
Last Modified Jun 17, 2026 1w ago
Description
A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
69.8% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-416 Use After Free Memory Safety
Affected Products 72
| Vendor | Product | Version | Range |
|---|---|---|---|
| ivanti | connect_secure | * | <9.1 |
| ivanti | connect_secure | * | ≥21.9 – <22.7 |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 22.7 | any |
| ivanti | connect_secure | 22.7 | any |
| ivanti | connect_secure | 22.7 | any |
| ivanti | connect_secure | 22.7 | any |
| ivanti | connect_secure | 22.7 | any |
| ivanti | connect_secure | 22.7 | any |
| ivanti | connect_secure | 22.7 | any |
| ivanti | connect_secure | 22.7 | any |
| ivanti | connect_secure | 22.7 | any |
| ivanti | connect_secure | 22.7 | any |
| ivanti | policy_secure | * | <22.7 |
| ivanti | policy_secure | 22.7 | any |
| ivanti | policy_secure | 22.7 | any |
| ivanti | policy_secure | 22.7 | any |
References 1
- forums.ivanti.com https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.