CVE-2024-9420: 
Ivanti Connect Secure vulnerability analysis and mitigation

A use-after-free vulnerability (CVE-2024-9420) affects Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2. This vulnerability was discovered and disclosed in November 2024, impacting multiple versions of Ivanti's secure access products (NVD).

The vulnerability is classified as a use-after-free (CWE-416) issue that could allow remote code execution. It has received a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, and requiring low privileges (NVD).

The vulnerability allows a remote authenticated attacker to achieve remote code execution on affected systems. Given the high CVSS score and the critical nature of the affected products, successful exploitation could lead to complete system compromise (Security Online).

Ivanti has released security updates to address this vulnerability. Users are advised to upgrade to Ivanti Connect Secure version 22.7R2.3 or 9.1R18.9 and Ivanti Policy Secure version 22.7R1.2. These updates provide comprehensive fixes for the vulnerability (ASEC).