CVE-2024-47906
Nov. 22, 2024, 5:15 p.m.
7.8
High
Description
Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges.
Product(s) Impacted
Product | Versions |
---|---|
Ivanti Policy Secure |
|
Ivanti Connect Secure |
|
Weaknesses
Common security weaknesses mapped to this vulnerability.
CWE-267
Privilege Defined With Unsafe Actions
A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.
Tags
CVSS Score
CVSS Data - 3.1
- Attack Vector: LOCAL
- Attack Complexity: LOW
- Privileges Required: LOW
- Scope: UNCHANGED
- Confidentiality Impact: HIGH
- Integrity Impact: HIGH
- Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Timeline
Published: Nov. 12, 2024, 4:15 p.m.
Last Modified: Nov. 22, 2024, 5:15 p.m.
Last Modified: Nov. 22, 2024, 5:15 p.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
3c1d8aa1-5a33-4ea4-8992-aadd6440af75
*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.