Multiple vulnerabilities in Ivanti Connect Secure



Risk Medium
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2024-11633
CVE-2024-9844
CWE-ID CWE-88
CWE-602
Exploitation vector Network
Public exploit N/A
Vulnerable software
Ivanti Connect Secure (formerly Pulse Connect Secure)
Server applications / Remote access servers, VPN

Vendor Ivanti

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Improper Neutralization of Argument Delimiters in a Command

EUVDB-ID: #VU101676

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-11633

CWE-ID: CWE-88 - Argument Injection or Modification

Exploit availability: No

Description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to improper validation of arguments. A remote authenticated user with admin privileges can pass specially crafted input to the application and execute arbitrary commands.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Ivanti Connect Secure (formerly Pulse Connect Secure): 22.2 - 22.7R2.3

CPE2.3 External links

http://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Connect-Secure-ICS-and-Ivanti-Policy-Secure-IPS-Multiple-CVEs


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Client-Side Enforcement of Server-Side Security

EUVDB-ID: #VU101674

Risk: Medium

CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-9844

CWE-ID: CWE-602 - Client-Side Enforcement of Server-Side Security

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to improperly imposed controls in Secure Application Manager. A remote authenticated user can bypass implemented security restrictions and gain access to sensitive information or modify certain data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Ivanti Connect Secure (formerly Pulse Connect Secure): 22.2 - 22.7R2.3

CPE2.3 External links

http://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Connect-Secure-ICS-and-Ivanti-Policy-Secure-IPS-Multiple-CVEs


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###