CVE-2024-37404: 
Ivanti Connect Secure vulnerability analysis and mitigation

A critical vulnerability (CVE-2024-37404) was discovered in Ivanti Connect Secure and Policy Secure products, affecting versions before 22.7R2.1 and 9.1R18.9 for Connect Secure, and versions before 22.7R1.1 for Policy Secure. The vulnerability stems from improper input validation in the admin portal and allows remote authenticated attackers to achieve remote code execution (NVD, SecurityOnline).

The vulnerability, assigned a CVSS score of 9.1 (Critical), exploits the Certificate Signing Request (CSR) generation process. The attack vector involves injecting Carriage Return Line Feed (CRLF) characters into the CSR form at /dana-admin/cert/admincertnewcsr.cgi, which bypasses validation checks. This manipulation allows attackers to modify the OpenSSL configuration file to load malicious libraries, ultimately achieving remote code execution with root privileges (SecurityOnline).

Successful exploitation of this vulnerability could result in complete system compromise, as the attack leads to code execution with root-level privileges. This gives attackers full control over the affected system, potentially allowing them to access sensitive data, modify system configurations, and establish persistent access (SecurityOnline).

Ivanti recommends immediate upgrade to the following versions: Connect Secure 22.7R2.1, 22.7R2.2, or 9.1R18.9, and Policy Secure 22.7R1.1. Additional mitigation steps include restricting admin access to isolated internal networks, implementing strong password policies and MFA, and enabling admin logging to monitor for unauthorized actions (SecurityOnline).