CVE-2024-39709

Summary

Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1 (Not Applicable to 9.1Rx) allow a local authenticated attacker to escalate their privileges.

Affected Software

VendorProductVersion RangeStatus
IvantiConnect Secure22.6R2 < 22.6R2affected
IvantiPolicy Secure22.7R1 < 22.7R1affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References