CVE-2024-47906
12.11.2024, 16:15
Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges.
Vendor | Product | Version |
---|---|---|
ivanti | connect_secure | 𝑥 < 9.1 |
ivanti | connect_secure | 9.1 < 𝑥 < 22.7 |
ivanti | connect_secure | 22.7 |
ivanti | connect_secure | 22.7:r1 |
ivanti | connect_secure | 22.7:r1.1 |
ivanti | connect_secure | 22.7:r1.2 |
ivanti | connect_secure | 22.7:r1.3 |
ivanti | connect_secure | 22.7:r1.4 |
ivanti | connect_secure | 22.7:r1.5 |
ivanti | connect_secure | 22.7:r2 |
ivanti | connect_secure | 22.7:r2.1 |
ivanti | connect_secure | 22.7:r2.2 |
ivanti | policy_secure | 𝑥 < 9.1 |
ivanti | policy_secure | 9.1 < 𝑥 < 22.7 |
ivanti | policy_secure | 22.7:r1 |
ivanti | policy_secure | 22.7:r1.1 |
𝑥 = Vulnerable software versions
Common Weakness Enumeration
- CWE-267 - Privilege Defined With Unsafe Actions: A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.
- CWE-426 - Untrusted Search Path: The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control.