CVE-2024-9420

EPSS 29.06%
Published 12.11.2024 16:15:26
Last modified 13.03.2025 16:15:25
Source 3c1d8aa1-5a33-4ea4-8992-aadd64
Teams watchlist Login
Open Login

A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9

 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Ivanti ≫ Connect Secure Version < 9.1

Ivanti ≫ Connect Secure Version >= 21.9 < 22.7

Ivanti ≫ Connect Secure Version9.1 Update-

Ivanti ≫ Connect Secure Version9.1 Updater1

Ivanti ≫ Connect Secure Version9.1 Updater1.0

Ivanti ≫ Connect Secure Version9.1 Updater10

Ivanti ≫ Connect Secure Version9.1 Updater10.0

Ivanti ≫ Connect Secure Version9.1 Updater10.2

Ivanti ≫ Connect Secure Version9.1 Updater11

Ivanti ≫ Connect Secure Version9.1 Updater11.0

Ivanti ≫ Connect Secure Version9.1 Updater11.1

Ivanti ≫ Connect Secure Version9.1 Updater11.3

Ivanti ≫ Connect Secure Version9.1 Updater11.4

Ivanti ≫ Connect Secure Version9.1 Updater11.5

Ivanti ≫ Connect Secure Version9.1 Updater12

Ivanti ≫ Connect Secure Version9.1 Updater12.1

Ivanti ≫ Connect Secure Version9.1 Updater12.2

Ivanti ≫ Connect Secure Version9.1 Updater13

Ivanti ≫ Connect Secure Version9.1 Updater13.1

Ivanti ≫ Connect Secure Version9.1 Updater14

Ivanti ≫ Connect Secure Version9.1 Updater14.4

Ivanti ≫ Connect Secure Version9.1 Updater15

Ivanti ≫ Connect Secure Version9.1 Updater15.2

Ivanti ≫ Connect Secure Version9.1 Updater16

Ivanti ≫ Connect Secure Version9.1 Updater16.1

Ivanti ≫ Connect Secure Version9.1 Updater17

Ivanti ≫ Connect Secure Version9.1 Updater17.1

Ivanti ≫ Connect Secure Version9.1 Updater17.2

Ivanti ≫ Connect Secure Version9.1 Updater18

Ivanti ≫ Connect Secure Version9.1 Updater18.1

Ivanti ≫ Connect Secure Version9.1 Updater18.2

Ivanti ≫ Connect Secure Version9.1 Updater18.3

Ivanti ≫ Connect Secure Version9.1 Updater18.7

Ivanti ≫ Connect Secure Version9.1 Updater18.8

Ivanti ≫ Connect Secure Version9.1 Updater2

Ivanti ≫ Connect Secure Version9.1 Updater2.0

Ivanti ≫ Connect Secure Version9.1 Updater3

Ivanti ≫ Connect Secure Version9.1 Updater3.0

Ivanti ≫ Connect Secure Version9.1 Updater4

Ivanti ≫ Connect Secure Version9.1 Updater4.0

Ivanti ≫ Connect Secure Version9.1 Updater4.1

Ivanti ≫ Connect Secure Version9.1 Updater4.2

Ivanti ≫ Connect Secure Version9.1 Updater4.3

Ivanti ≫ Connect Secure Version9.1 Updater5

Ivanti ≫ Connect Secure Version9.1 Updater5.0

Ivanti ≫ Connect Secure Version9.1 Updater6

Ivanti ≫ Connect Secure Version9.1 Updater6.0

Ivanti ≫ Connect Secure Version9.1 Updater7

Ivanti ≫ Connect Secure Version9.1 Updater7.0

Ivanti ≫ Connect Secure Version9.1 Updater8

Ivanti ≫ Connect Secure Version9.1 Updater8.0

Ivanti ≫ Connect Secure Version9.1 Updater8.1

Ivanti ≫ Connect Secure Version9.1 Updater8.2

Ivanti ≫ Connect Secure Version9.1 Updater8.4

Ivanti ≫ Connect Secure Version9.1 Updater9

Ivanti ≫ Connect Secure Version9.1 Updater9.0

Ivanti ≫ Connect Secure Version9.1 Updater9.1

Ivanti ≫ Connect Secure Version9.1 Updater9.2

Ivanti ≫ Connect Secure Version22.7 Update-

Ivanti ≫ Connect Secure Version22.7 Updater1

Ivanti ≫ Connect Secure Version22.7 Updater1.1

Ivanti ≫ Connect Secure Version22.7 Updater1.2

Ivanti ≫ Connect Secure Version22.7 Updater1.3

Ivanti ≫ Connect Secure Version22.7 Updater1.4

Ivanti ≫ Connect Secure Version22.7 Updater1.5

Ivanti ≫ Connect Secure Version22.7 Updater2

Ivanti ≫ Connect Secure Version22.7 Updater2.1

Ivanti ≫ Connect Secure Version22.7 Updater2.2

Ivanti ≫ Policy Secure Version < 22.7

Ivanti ≫ Policy Secure Version22.7 Update-

Ivanti ≫ Policy Secure Version22.7 Updater1

Ivanti ≫ Policy Secure Version22.7 Updater1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	29.06%	0.964

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-9420

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-9420

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-9420

EUVD