CVE-2024-38656
CVSS 3.1 Score 9.1 of 10 (high)
Details
Published Nov 13, 2024
CWE ID 88
Summary
CVE-2024-38656 is a newly disclosed vulnerability affecting Ivanti Connect Secure versions before 22.7R2.2 and Ivanti Policy Secure versions before 22.7R1.2. This issue permits a remote, authenticated attacker with administrative privileges to execute arbitrary code through argument injection. Successful exploitation could lead to significant security consequences, including unauthorized system access or data theft. Ivanti strongly recommends all users upgrade to the latest versions to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share