CVE-2024-11633

Опубликовано: 10 дек. 2024

Источник: nvd

CVSS3: 9.1

CVSS3: 7.2

EPSS Средний

Описание

Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution

Ссылки

https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Connect-Secure-ICS-and-Ivanti-Policy-Secure-IPS-Multiple-CVEs
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*

Версия до 22.7 (исключая)

cpe:2.3:a:ivanti:connect_secure:22.7:-:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:22.7:r1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:22.7:r1.1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:22.7:r1.2:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:22.7:r1.3:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:22.7:r1.4:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:22.7:r1.5:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:22.7:r2:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:22.7:r2.1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:22.7:r2.2:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:22.7:r2.3:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.15341

Средний

9.1 Critical

CVSS3

7.2 High

CVSS3

Дефекты

CWE-88

Связанные уязвимости

GHSA-34xq-28mr-q8v9

CVSS3: 9.1

github

около 1 года назад

Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution

EPSS

Процентиль: 94%

0.15341

Средний

9.1 Critical

CVSS3

7.2 High

CVSS3

Дефекты

CWE-88