CVE-2024-38656

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (CWE-88)

Published: Nov 13, 2024 / Updated: 7d ago

CVSS 9.1 / EPSS 0.04% / Critical

Summary

Argument injection vulnerability in Ivanti Connect Secure and Ivanti Policy Secure allows a remote authenticated attacker with admin privileges to achieve remote code execution. This affects Ivanti Connect Secure versions before 22.7R2.2 and 9.1R18.9, and Ivanti Policy Secure versions before 22.7R1.2.

Impact

This vulnerability allows an attacker with admin privileges to execute arbitrary code remotely on the affected systems. The CVSS base score of 9.1 indicates a critical severity level. The impact on confidentiality, integrity, and availability is high, meaning an attacker could potentially gain full control of the affected systems, access sensitive data, modify system configurations, and disrupt services.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of exploitation at the moment.

Patch

Patches are available. Ivanti has released updated versions that address this vulnerability:

- For Ivanti Connect Secure: Update to version 22.7R2.2 or 9.1R18.9 or later
- For Ivanti Policy Secure: Update to version 22.7R1.2 or later

Mitigation

1. Immediately update Ivanti Connect Secure to version 22.7R2.2 or 9.1R18.9 or later, and Ivanti Policy Secure to version 22.7R1.2 or later.
2. Implement strong access controls and regularly audit admin accounts to ensure only necessary personnel have admin privileges.
3. Monitor systems for suspicious activities, especially those involving admin accounts.
4. Implement network segmentation to limit the potential impact of a successful exploit.
5. Apply the principle of least privilege across your network to minimize the risk of privilege escalation.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Timeline

CVE Assignment
NVD published the first details for CVE-2024-38656
Nov 13, 2024 at 2:15 AM

First Article
Feedly found the first article mentioning CVE-2024-38656.
Nov 13, 2024 at 2:21 AM / Vulners.com RSS Feed

CVSS Estimate
Feedly estimated the CVSS score as HIGH
Nov 13, 2024 at 2:21 AM

CVSS
A CVSS base score of 9.1 has been assigned.
Nov 13, 2024 at 7:40 PM / nvd

Detection in Vulnerability Scanners
Detection for the vulnerability has been added to Nessus (211467)
Nov 16, 2024 at 12:15 AM

Affected Systems

Ivanti/connect_secure

Attack Patterns

CAPEC-137: Parameter Injection

News

Ivanti Policy Secure 22.7R1.2 (Build 1485) Multiple Vulnerabilities
- Command injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
- Argument injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

Multiple Vulnerabilities in Ivanti Products (November 2024) - Policy Secure
Development Last Updated: 11/15/2024. CVEs: CVE-2024-29211, CVE-2024-39709, CVE-2024-9843, CVE-2024-38654, CVE-2024-39711, CVE-2024-37400, CVE-2024-11005, CVE-2024-7571, CVE-2024-11007, CVE-2024-8495, CVE-2024-38656, CVE-2024-47905, CVE-2024-37398, CVE-2024-47907, CVE-2024-38655, CVE-2024-38649, CVE-2024-11004, CVE-2024-9420, CVE-2024-11006, CVE-2024-39710, CVE-2024-47909, CVE-2024-8539, CVE-2024-47906, CVE-2024-39712

Focus Friday: Third-Party Risk Insights Into Atlassian Jira, Ivanti Connect Secure, and Nostromo nhttpd Vulnerabilities With Black Kite’s FocusTags™
Black Kite’s FocusTag™ for Atlassian Jira, published on November 13, 2024, enables TPRM professionals to identify vendors potentially affected by CVE-2021-26086. Third-Party Risk Management (TPRM) professionals should be concerned about CVE-2021-26086 because it allows unauthorized access to sensitive files on vulnerable Jira instances.
Ivanti Releases Fixes for Multiple Vulnerabilities Impacting Connect Secure, Policy Secure, and Secure Access Client
Ivanti Policy Secure (IPS) is a Network Access Control (NAC) solution providing access to authorized and secured users and devices. All the vulnerabilities have a CVSS score of 9.1, impacting various Connect Secure and Policy Secure versions.
Multiple Vulnerabilities in Ivanti Products (November 2024)
Development Last Updated: 11/14/2024. CVEs: CVE-2024-29211, CVE-2024-39709, CVE-2024-9843, CVE-2024-38654, CVE-2024-39711, CVE-2024-37400, CVE-2024-11005, CVE-2024-7571, CVE-2024-11007, CVE-2024-8495, CVE-2024-38656, CVE-2024-47905, CVE-2024-37398, CVE-2024-47907, CVE-2024-38655, CVE-2024-38649, CVE-2024-11004, CVE-2024-9420, CVE-2024-11006, CVE-2024-39710, CVE-2024-47909, CVE-2024-8539, CVE-2024-47906, CVE-2024-39712

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability Impact: High
