Privilege Escalation in Ivanti Connect Secure & Policy Secure Web Component
CVE-2024-21888 Published on January 31, 2024
A privilege escalation vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator.
Weakness Type
Improper Privilege Management
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Affected Versions
Ivanti ICS:
- Version 9.1R18, <= 9.1R18 is affected.
- Version 22.6R2, <= 22.6R2 is affected.
- Version 9.1R18, <= 9.1R18 is affected.
- Version 22.6R1, <= 22.6R1 is affected.
- Version 9.0 and below 10.0 is affected.
- Version 22.0 and below 23.0 is affected.
- Version 22.0 and below 23.0 is affected.
- Version 9.0 and below 10.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.