CVE-2024-12058

Summary

CVE-2024-12058 is a vulnerability affecting Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3. This issue grants remote authenticated attackers with admin privileges the ability to control file names, resulting in the reading of arbitrary files on the targeted system. The vulnerability poses a significant risk, as attackers can potentially access sensitive information by manipulating file names. It is essential for organizations using these Ivanti products to apply the necessary patches or updates to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.