mickmick.net

Ivanti Products Remote Code Execution Vulnerability

Release Date: 10 Oct 2024

RISK: Medium Risk

TYPE: Operating Systems - Networks OS

A vulnerability has been identified in Ivanti Products. A remote attacker could exploit these vulnerability to trigger remote code execution on the targeted system.

---

Impact

• Remote Code Execution

---

System / Technologies affected

Versions prior to:

 

• Ivanti Connect Secure version 9.1R18.9
• Ivanti Connect Secure version 22.7R2.1
• Ivanti Policy Secure version 22.7R1.1 

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-and-Policy-Secure-CVE-2024-37404?language=en_US&_gl=1*ibsua6*_gcl_au*NjQ0ODI3OTIxLjE3Mjg1MTk5NTY.

---

Vulnerability Identifier

• CVE-2024-37404

---

Source

• Ivanti

---

Related Link

• https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-and-Policy-Secure-CVE-2024-37404?language=en_US&_gl=1*ibsua6*_gcl_au*NjQ0ODI3OTIxLjE3Mjg1MTk5NTY.