Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1 (Not Applicable to 9.1Rx) allow a local authenticated attacker to escalate their privileges.
History

Sat, 23 Nov 2024 21:15:00 +0000

Type Values Removed Values Added
Description Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 and Ivanti Policy Secure before version 22.6R1 allow a local authenticated attacker to escalate their privileges. Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1 (Not Applicable to 9.1Rx) allow a local authenticated attacker to escalate their privileges.

Wed, 13 Nov 2024 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Ivanti
Ivanti connect Secure
Ivanti policy Secure
Weaknesses CWE-732
CPEs cpe:2.3:a:ivanti:connect_secure:-:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:*
Vendors & Products Ivanti
Ivanti connect Secure
Ivanti policy Secure
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 13 Nov 2024 02:15:00 +0000

Type Values Removed Values Added
Description Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 and Ivanti Policy Secure before version 22.6R1 allow a local authenticated attacker to escalate their privileges.
References
Metrics cvssV3_0

{'score': 7.8, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2024-11-13T01:54:45.448Z

Updated: 2024-11-23T21:06:04.916Z

Reserved: 2024-06-28T01:04:08.820Z

Link: CVE-2024-39709

cve-icon Vulnrichment

Updated: 2024-11-13T18:12:35.915Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-11-13T02:15:18.993

Modified: 2024-11-23T21:15:14.647

Link: CVE-2024-39709

cve-icon Redhat

No data.