216.73.217.22

CVE-2024-11007

· Published 12/11/2024 16:15 · Modified 22/11/2024 17:15

Labels: CVE-2024-11007 2024-11-123c1d8aa1-5a33-4ea4-8992-aadd6440af75CVE-2024-11007CWE-78

Essential information

Published
12/11/2024 16:15
Modified
22/11/2024 17:15
Author
Creator
CVSS
9.1 CRITICAL (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVSS metrics

Description

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.

NVD status

Status
Modified — CVE has been recently published to the CVE List and has been received by the NVD.
Source
3c1d8aa1-5a33-4ea4-8992-aadd6440af75
NVD
View on NVD

Affected products (CPE)

ProductCPE
ivanti / connect secure cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*
ivanti / connect secure cpe:2.3:a:ivanti:connect_secure:22.7:-:*:*:*:*:*:*
ivanti / connect secure cpe:2.3:a:ivanti:connect_secure:22.7:r1:*:*:*:*:*:*
ivanti / connect secure cpe:2.3:a:ivanti:connect_secure:22.7:r1.1:*:*:*:*:*:*
ivanti / connect secure cpe:2.3:a:ivanti:connect_secure:22.7:r1.2:*:*:*:*:*:*
ivanti / connect secure cpe:2.3:a:ivanti:connect_secure:22.7:r1.3:*:*:*:*:*:*
ivanti / connect secure cpe:2.3:a:ivanti:connect_secure:22.7:r1.4:*:*:*:*:*:*
ivanti / connect secure cpe:2.3:a:ivanti:connect_secure:22.7:r1.5:*:*:*:*:*:*
ivanti / connect secure cpe:2.3:a:ivanti:connect_secure:22.7:r2:*:*:*:*:*:*
ivanti / policy secure cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:*
ivanti / policy secure cpe:2.3:a:ivanti:policy_secure:22.7:-:*:*:*:*:*:*
ivanti / policy secure cpe:2.3:a:ivanti:policy_secure:22.7:r1:*:*:*:*:*:*

References