Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges.
History

Fri, 22 Nov 2024 16:45:00 +0000

Type Values Removed Values Added
Description Excessive binary privileges in Ivanti Connect Secure which affects versions 22.4R2 through 22.7R2.2 inclusive within the R2 release line and Ivanti Policy Secure before version 22.7R1.2 allow a local authenticated attacker to escalate privileges. Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges.

Tue, 19 Nov 2024 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Ivanti
Ivanti connect Secure
Ivanti policy Secure
CPEs cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:*
Vendors & Products Ivanti
Ivanti connect Secure
Ivanti policy Secure
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 12 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
Description Excessive binary privileges in Ivanti Connect Secure which affects versions 22.4R2 through 22.7R2.2 inclusive within the R2 release line and Ivanti Policy Secure before version 22.7R1.2 allow a local authenticated attacker to escalate privileges.
Weaknesses CWE-267
CWE-426
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: ivanti

Published: 2024-11-12T15:59:53.269Z

Updated: 2024-11-22T16:31:00.963Z

Reserved: 2024-10-04T19:25:07.889Z

Link: CVE-2024-47906

cve-icon Vulnrichment

Updated: 2024-11-19T17:09:15.079Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-11-12T16:15:22.670

Modified: 2024-11-22T17:15:08.483

Link: CVE-2024-47906

cve-icon Redhat

No data.