Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2024-11633, CVE-2024-9844 |
CWE-ID | CWE-88, CWE-602 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Ivanti Connect Secure (formerly Pulse Connect Secure) Server applications / Remote access servers, VPN |
Vendor | Ivanti |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU101676
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-11633
CWE-ID: CWE-88 - Argument Injection or Modification
Exploit availability: No
Description
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to improper validation of arguments. A remote authenticated user with admin privileges can pass specially crafted input to the application and execute arbitrary commands.
Install updates from the vendor's website.
Vulnerable software versions
Ivanti Connect Secure (formerly Pulse Connect Secure): 22.2 - 22.7R2.3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU101674
Risk: Medium
CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-9844
CWE-ID: CWE-602 - Client-Side Enforcement of Server-Side Security
Exploit availability: No
Description
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to improperly imposed controls in Secure Application Manager. A remote authenticated user can bypass implemented security restrictions and gain access to sensitive information or modify certain data.
Install updates from the vendor's website.
Vulnerable software versions
Ivanti Connect Secure (formerly Pulse Connect Secure): 22.2 - 22.7R2.3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.