RCE via Improper Input in Ivanti Connect Secure Admin before 22.7R2.1
CVE-2024-37404 Published on October 18, 2024
Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1 allows a remote authenticated attacker to achieve remote code execution.
Products Associated with CVE-2024-37404
Affected Versions
Ivanti Connect Secure:
- Version 22.7R2.1 and below 22.7R2.1 is affected.
- Version 9.1R18.9 and below 9.1R18.9 is affected.
- Version 22.7R1.1 and below 22.7R1.1 is affected.
- Before 22.7r2.1 is affected.
- Before 9.1r18.9 is affected.
- Before 22.7r1.1 is affected.
Exploit Probability
EPSS: 83.86%
Percentile: 99.28%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.