CVE-2024-9845

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Dec 11, 2024
Updated: Dec 13, 2024
CWE ID 276

Summary

CVE-2024-9845 is a recently disclosed cybersecurity vulnerability affecting Ivanti Automation before version 2024.4.0.1. This issue arises from insecure permissions within the software, enabling a local authenticated attacker to escalate privileges and gain elevated access to the system. By exploiting this vulnerability, an attacker can expand their domain within the organization, potentially leading to further security compromises. The precise conditions under which this privilege escalation can occur are yet to be fully understood, making it crucial for organizations using Ivanti Automation to promptly install the patch to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share