CVE-2024-9420

Use After Free (CWE-416)

Published: Nov 12, 2024 / Updated: 7d ago

CVSS 8.8 (High) / EPSS 0.04%

Summary

A use-after-free vulnerability has been identified in Ivanti Connect Secure and Ivanti Policy Secure. This vulnerability allows a remote authenticated attacker to achieve remote code execution. The issue affects Ivanti Connect Secure versions before 22.7R2.3 and Ivanti Policy Secure versions before 22.7R1.2.

Impact

The impact of this vulnerability is severe. It allows an authenticated attacker to execute arbitrary code remotely on the affected systems. This can lead to complete system compromise, including:

1. Unauthorized access to sensitive data
2. Modification or destruction of data
3. Installation of malware or backdoors
4. Use of the compromised system as a launching point for further attacks
5. Potential disruption of services or system availability

The CVSS v3.1 base score of 8.8 (High) indicates a significant risk, with high impacts on confidentiality, integrity, and availability.

Exploitation

There is no evidence that a public proof-of-concept exists, and no evidence of exploitation at the moment.

Patch

Patches are available. Ivanti has released updated versions to address this vulnerability:

- For Ivanti Connect Secure: Update to version 22.7R2.3 or later
- For Ivanti Policy Secure: Update to version 22.7R1.2 or later

It is strongly recommended to apply these patches as soon as possible to mitigate the risk.

Mitigation

While patching is the most effective mitigation, if immediate patching is not possible, consider the following temporary mitigation strategies:

1. Limit network access to the affected Ivanti Connect Secure and Policy Secure systems, allowing only trusted IP addresses.
2. Implement strong authentication mechanisms and regularly review and update user access privileges.
3. Monitor systems for suspicious activities, focusing on signs of unauthorized access or unusual behavior.
4. Implement network segmentation to isolate affected systems from critical assets.
5. Regularly back up data and ensure the ability to quickly restore systems if compromised.
6. Consider disabling the affected systems if they are not critical until patching can be completed.

However, these measures should only be considered temporary, and patching should be prioritized due to the severity of the vulnerability.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

CVE Assignment

NVD published the first details for CVE-2024-9420

Nov 12, 2024 at 4:15 PM

CVSS

A CVSS base score of 8.8 has been assigned.

Nov 12, 2024 at 4:21 PM / nvd

First Article

Feedly found the first article mentioning CVE-2024-9420.

Nov 12, 2024 at 4:22 PM / Vulners.com RSS Feed

CVSS Estimate

Feedly estimated the CVSS score as HIGH

Nov 12, 2024 at 4:23 PM

EPSS

EPSS Score was set to: 0.04% (Percentile: 10.1%)

Nov 13, 2024 at 5:05 PM

Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (211453)

Nov 15, 2024 at 8:16 PM

Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (211467)

Nov 16, 2024 at 12:15 AM

Affected Systems

Ivanti/connect_secure

News

Ivanti Policy Secure 22.7R1.2 (Build 1485) Multiple Vulnerabilities
- Command injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
- Argument injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

Pulse Connect Secure < 22.7R2.3 Multiple Vulnerabilities (000096001)
The version of Pulse Connect Secure installed on the remote host is prior to 22.7R2.3.
- Excessive binary privileges in Ivanti Connect Secure which affects versions 22.4R2 through 22.7R2.2 inclusive within the R2 release line and Ivanti Policy Secure before version 22.7R1.2 allow a local authenticated attacker to escalate privileges.

Multiple Vulnerabilities in Ivanti Products (November 2024) - Policy Secure
Development Last Updated: 11/15/2024
CVEs: CVE-2024-29211, CVE-2024-39709, CVE-2024-9843, CVE-2024-38654, CVE-2024-39711, CVE-2024-37400, CVE-2024-11005, CVE-2024-7571, CVE-2024-11007, CVE-2024-8495, CVE-2024-38656, CVE-2024-47905, CVE-2024-37398, CVE-2024-47907, CVE-2024-38655, CVE-2024-38649, CVE-2024-11004, CVE-2024-9420, CVE-2024-11006, CVE-2024-39710, CVE-2024-47909, CVE-2024-8539, CVE-2024-47906, CVE-2024-39712

Focus Friday: Third-Party Risk Insights Into Atlassian Jira, Ivanti Connect Secure, and Nostromo nhttpd Vulnerabilities With Black Kite’s FocusTags™
Black Kite’s FocusTag™ for Atlassian Jira, published on November 13, 2024, enables TPRM professionals to identify vendors potentially affected by CVE-2021-26086. Third-Party Risk Management (TPRM) professionals should be concerned about CVE-2021-26086 because it allows unauthorized access to sensitive files on vulnerable Jira instances.

Multiple Vulnerabilities in Ivanti Products (November 2024)
Development Last Updated: 11/14/2024
CVEs: CVE-2024-29211, CVE-2024-39709, CVE-2024-9843, CVE-2024-38654, CVE-2024-39711, CVE-2024-37400, CVE-2024-11005, CVE-2024-7571, CVE-2024-11007, CVE-2024-8495, CVE-2024-38656, CVE-2024-47905, CVE-2024-37398, CVE-2024-47907, CVE-2024-38655, CVE-2024-38649, CVE-2024-11004, CVE-2024-9420, CVE-2024-11006, CVE-2024-39710, CVE-2024-47909, CVE-2024-8539, CVE-2024-47906, CVE-2024-39712

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
