CVE-2024-47906
Nov. 13, 2024, 5:01 p.m.
Tags
CVSS Score
Product(s) Impacted
Ivanti Policy Secure
- before 22.7R1.2
Ivanti Connect Secure
- 22.4R2 - 22.7R2.2
Description
Excessive binary privileges in Ivanti Connect Secure which affects versions 22.4R2 through 22.7R2.2 inclusive within the R2 release line and Ivanti Policy Secure before version 22.7R1.2 allow a local authenticated attacker to escalate privileges.
Weaknesses
CWE-267
Privilege Defined With Unsafe Actions
A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.
CWE ID: 267Date
Published: Nov. 12, 2024, 4:15 p.m.
Last Modified: Nov. 13, 2024, 5:01 p.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
3c1d8aa1-5a33-4ea4-8992-aadd6440af75
CVSS Data
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
Exploitability Score
Impact Score
Base Severity
HIGHCVSS Vector String
The CVSS vector string provides an in-depth view of the vulnerability metrics.
View Vector StringCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H