CVE-2024-11598

Published: Dec 11, 2024Modified: Jan 23, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Under specific circumstances, insecure permissions in Ivanti Application Control before version 2024.3 HF1, 2024.1 HF2, or 2023.3 HF3 allows a local authenticated attacker to achieve local privilege escalation.

Affected (7)

Products: Ivanti: Application Control

Ivanti

1 product

Application Control

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Ivanti Application Control	Up to 2023.3
Ivanti Application Control	Version 2023.3
Ivanti Application Control	Version 2023.3 hf1
Ivanti Application Control	Version 2023.3 hf2
Ivanti Application Control	Version 2024.1
Ivanti Application Control	Version 2024.1 hf1
Ivanti Application Control	Version 2024.3

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (1)

https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Application-Control-CVE-2024-11598

Source: 3c1d8aa1-5a33-4ea4-8992-aadd6440af75

Vendor Advisory

Timeline

No history available yet.