CVE-2024-9845
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-9845 is a recently disclosed cybersecurity vulnerability affecting Ivanti Automation before version 2024.4.0.1. This issue arises from insecure permissions within the software, enabling a local authenticated attacker to escalate privileges and gain elevated access to the system. By exploiting this vulnerability, an attacker can expand their domain within the organization, potentially leading to further security compromises. The precise conditions under which this privilege escalation can occur are yet to be fully understood, making it crucial for organizations using Ivanti Automation to promptly install the patch to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Vendors
- Ivanti Software Inc.