Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
Vulnerability DatabaseCVE-2024-10644
CVE-2024-10644:
Ivanti Connect Secure vulnerability analysis and mitigation
Overview
Code injection vulnerability (CVE-2024-10644) affects Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3. The vulnerability allows a remote authenticated attacker with admin privileges to achieve remote code execution on affected systems. This critical vulnerability has been assigned a CVSS score of 9.1 (Hacker News, Censys).
Technical details
The vulnerability is classified as a code injection flaw (CWE-94) that specifically affects the administrative interface of Ivanti Connect Secure and Policy Secure products. It requires authentication and administrative privileges for successful exploitation, which represents a significant barrier to exploitation compared to unauthenticated vulnerabilities. The critical severity rating of CVSS 9.1 with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H indicates the potential for complete compromise of system confidentiality, integrity, and availability (NVD).
Impact
If successfully exploited, the vulnerability allows an authenticated attacker with administrative privileges to execute arbitrary code on the affected system. This could potentially lead to complete system compromise, allowing attackers to gain full control over the affected Ivanti Connect Secure or Policy Secure installations (Hacker News).
Mitigation and workarounds
Ivanti has released security updates to address this vulnerability. Users are strongly advised to upgrade to Ivanti Connect Secure version 22.7R2.4 or later, and Ivanti Policy Secure version 22.7R1.3 or later. According to Censys data, there are approximately 33,232 exposed Ivanti Connect Secure and Ivanti CSA instances online, with 14,574 instances potentially vulnerable to this flaw (Censys, Hacker News).
Community reactions
Ivanti has acknowledged that its edge products have been targeted by sophisticated threat actors and is making efforts to improve its software security. The company has enhanced internal scanning, manual exploitation and testing capabilities, increased collaboration with the security ecosystem, and become a CVE Numbering Authority to better address security concerns (Hacker News).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
Ready to see Wiz in action?
“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management