CVE-2024-39709

Summary

CVE-2024-39709 is a newly disclosed vulnerability affecting Ivanti Connect Secure before version 22.6R2 and Ivanti Policy Secure before version 22.6R1. This issue stems from incorrect file permissions, enabling a local authenticated attacker to escalate their privileges beyond intended levels. Successful exploitation of this vulnerability could result in significant unintended access and potential data compromise. Ivanti urges users to update to the latest versions as soon as possible to mitigate this risk. This vulnerability underscores the importance of maintaining secure file permissions and updating software in a timely manner.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.