CVE-2024-10256

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Dec 10, 2024
CWE ID 732

Summary

CVE-2024-10256 is a newly disclosed vulnerability affecting Ivanti Patch SDK versions prior to 9.7.703. This issue grants local authenticated attackers improper file deletion permissions, enabling them to erase arbitrary files on affected systems. By taking advantage of this flaw, malicious actors can potentially disrupt or compromise the targeted environment. System administrators are urged to promptly update their Ivanti Patch SDK installations to the latest version to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share