CVE-2024-10256
CVSS 3.1 Score 7.1 of 10 (high)
Details
Published Dec 10, 2024
CWE ID 732
Summary
CVE-2024-10256 is a newly disclosed vulnerability affecting Ivanti Patch SDK versions prior to 9.7.703. This issue grants local authenticated attackers improper file deletion permissions, enabling them to erase arbitrary files on affected systems. By taking advantage of this flaw, malicious actors can potentially disrupt or compromise the targeted environment. System administrators are urged to promptly update their Ivanti Patch SDK installations to the latest version to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share