CVE-2024-38657
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
21/02/2025
Last modified:
09/07/2025
Description
External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to write arbitrary files.
Impact
Base Score 3.x
4.90
Severity 3.x
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:* | 22.7 (excluding) | |
cpe:2.3:a:ivanti:connect_secure:22.7:-:*:*:*:*:*:* | ||
cpe:2.3:a:ivanti:connect_secure:22.7:r1:*:*:*:*:*:* | ||
cpe:2.3:a:ivanti:connect_secure:22.7:r1.1:*:*:*:*:*:* | ||
cpe:2.3:a:ivanti:connect_secure:22.7:r1.2:*:*:*:*:*:* | ||
cpe:2.3:a:ivanti:connect_secure:22.7:r1.3:*:*:*:*:*:* | ||
cpe:2.3:a:ivanti:connect_secure:22.7:r1.4:*:*:*:*:*:* | ||
cpe:2.3:a:ivanti:connect_secure:22.7:r1.5:*:*:*:*:*:* | ||
cpe:2.3:a:ivanti:connect_secure:22.7:r2:*:*:*:*:*:* | ||
cpe:2.3:a:ivanti:connect_secure:22.7:r2.1:*:*:*:*:*:* | ||
cpe:2.3:a:ivanti:connect_secure:22.7:r2.2:*:*:*:*:*:* | ||
cpe:2.3:a:ivanti:connect_secure:22.7:r2.3:*:*:*:*:*:* | ||
cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:* | 22.7 (excluding) | |
cpe:2.3:a:ivanti:policy_secure:22.7:-:*:*:*:*:*:* | ||
cpe:2.3:a:ivanti:policy_secure:22.7:r1:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page