7.8
CVE-2024-39709
- EPSS 0.1%
- Veröffentlicht 13.11.2024 02:15:18
- Zuletzt bearbeitet 16.07.2025 00:32:01
- Quelle support@hackerone.com
- Teams Watchlist Login
- Unerledigt Login
Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1 (Not Applicable to 9.1Rx) allow a local authenticated attacker to escalate their privileges.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ivanti ≫ Connect Secure Version < 9.1
Ivanti ≫ Connect Secure Version >= 21.9 < 22.6
Ivanti ≫ Connect Secure Version9.1 Update-
Ivanti ≫ Connect Secure Version22.6 Update-
Ivanti ≫ Connect Secure Version22.6 Updater1
Ivanti ≫ Policy Secure Update- Version < 9.1
Ivanti ≫ Policy Secure Version >= 22.1 < 22.7
Ivanti ≫ Policy Secure Version9.1 Update-
Ivanti ≫ Policy Secure Version22.7 Update-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.29 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| support@hackerone.com | 7.8 | 1.8 | 5.9 |
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-732 Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.