Today > 1 Critical | 2 High | 6 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-9420

Nov. 27, 2024, 9:15 p.m.

Product(s) Impacted

Ivanti Connect Secure

  • before 22.7R2.3

Ivanti Policy Secure

  • before 22.7R1.2

Description

A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution

Weaknesses

CWE-416
Use After Free

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

CWE ID: 416

Date

Published: Nov. 12, 2024, 4:15 p.m.

Last Modified: Nov. 27, 2024, 9:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

3c1d8aa1-5a33-4ea4-8992-aadd6440af75

References

https://forums.ivanti.com/ 3c1d8aa1-5a33-4ea4-8992-aadd6440af75