CVE-2024-21888: 
Ivanti Connect Secure vulnerability analysis and mitigation

A privilege escalation vulnerability (CVE-2024-21888) was discovered in the web component of Ivanti Connect Secure (versions 9.x, 22.x) and Ivanti Policy Secure (versions 9.x, 22.x). The vulnerability allows an authenticated user to elevate their privileges to that of an administrator (NVD, CVE Mitre). The vulnerability was disclosed on January 31, 2024, and received a CVSSv3 score of 8.8, indicating high severity (Tenable Blog).

The vulnerability affects the web component of both Ivanti Connect Secure and Ivanti Policy Secure products. It has been assigned a CVSSv3.1 base score of 8.8 (High) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs low privileges, and no user interaction, while potentially impacting confidentiality, integrity, and availability at high levels (NVD).

If successfully exploited, this vulnerability allows an authenticated user with low privileges to elevate their access rights to administrator level, potentially gaining full control over the affected system. This could lead to unauthorized administrative access and complete system compromise (NVD).

Ivanti has released patches for multiple versions including 9.1R14.5, 9.1R17.3, 9.1R18.4, 22.4R2.3, 22.5R1.2, 22.5R2.3 and 22.6R2.2 for Connect Secure, and 9.1R17.3, 9.1R18.4 and 22.5R1.2 for Policy Secure. For unpatched versions, Ivanti provides mitigation guidance through their KB article. It's recommended to perform a factory reset of the affected appliance before applying the patch to prevent potential persistence of threat actors (Tenable Blog).