← Back

CVE-2024-39709

nvd nist
Published: Nov 13, 2024Modified: Jul 16, 2025

JSON object

Loading...
7.8
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: support@hackerone.com (Secondary)

Description

Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1 (Not Applicable to 9.1Rx) allow a local authenticated attacker to escalate their privileges.

Affected (9)

Ivanti
2 products
Connect Secure
Policy Secure
Configuration A
9 vulnerable
Vulnerable SoftwareAffected Versions
Ivanti
Connect Secure
Before 9.1
Connect Secure
From 21.9 to 22.6
Connect Secure
Version 22.6
Connect Secure
Version 22.6 r1
Connect Secure
Version 9.1
Ivanti
Policy Secure
From 22.1 to 22.7
Policy Secure
Before 9.1
Policy Secure
Version 22.7
Policy Secure
Version 9.1

Related CWEs

CWE-732
Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (1)

Source: support@hackerone.com
Vendor Advisory

Timeline

No history available yet.