Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (CWE-88)
Argument injection vulnerability in Ivanti Connect Secure and Ivanti Policy Secure allows a remote authenticated attacker with admin privileges to achieve remote code execution. This affects Ivanti Connect Secure versions before 22.7R2.2 and 9.1R18.9, and Ivanti Policy Secure versions before 22.7R1.2.
This vulnerability allows an attacker with admin privileges to execute arbitrary code remotely on the affected systems. Given the high CVSS base score of 9.1, it indicates a critical severity level. The impact on confidentiality, integrity, and availability is high, meaning an attacker could potentially gain full control of the affected systems, access sensitive data, modify system configurations, and disrupt services.
There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.
Patches are available. Ivanti has released updated versions that address this vulnerability: - For Ivanti Connect Secure: Update to version 22.7R2.2 or 9.1R18.9 or later - For Ivanti Policy Secure: Update to version 22.7R1.2 or later
1. Immediately update Ivanti Connect Secure to version 22.7R2.2 or 9.1R18.9 or later, and Ivanti Policy Secure to version 22.7R1.2 or later. 2. Implement strong access controls and regularly audit admin accounts to ensure only necessary personnel have admin privileges. 3. Monitor systems for suspicious activities, especially those involving admin accounts. 4. Implement network segmentation to limit the potential impact of a successful exploit. 5. Apply the principle of least privilege across your network to minimize the risk of privilege escalation.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
NVD published the first details for CVE-2024-38656
Feedly found the first article mentioning CVE-2024-38656. See article
Feedly estimated the CVSS score as HIGH
A CVSS base score of 9.1 has been assigned.
Detection for the vulnerability has been added to Nessus (211467)