CVE-2024-21888

A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ivanti:connect_secure:9.0:-::::::
	cpe:2.3:a:ivanti:connect_secure:9.0:r1::::::
	cpe:2.3:a:ivanti:connect_secure:9.0:r2::::::
	cpe:2.3:a:ivanti:connect_secure:9.0:r2.1::::::
	cpe:2.3:a:ivanti:connect_secure:9.0:r3::::::
	cpe:2.3:a:ivanti:connect_secure:9.0:r3.1::::::
	cpe:2.3:a:ivanti:connect_secure:9.0:r3.2::::::
	cpe:2.3:a:ivanti:connect_secure:9.0:r3.3::::::
	cpe:2.3:a:ivanti:connect_secure:9.0:r3.5::::::
	cpe:2.3:a:ivanti:connect_secure:9.0:r4::::::
	cpe:2.3:a:ivanti:connect_secure:9.0:r4.1::::::
	cpe:2.3:a:ivanti:connect_secure:9.0:r5.0::::::
	cpe:2.3:a:ivanti:connect_secure:9.0:r6.0::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r1::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r10::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r11::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r11.3::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r11.4::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r11.5::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r12::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r12.1::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r13::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r13.1::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r14::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r15::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r15.2::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r16::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r16.1::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r17::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r17.1::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r18::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r18.1::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r18.2::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r2::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r3::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r4::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r4.1::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r4.2::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r4.3::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r5::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r6::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r7::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r8::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r8.1::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r8.2::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r9::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r9.1::::::
	cpe:2.3:a:ivanti:connect_secure:21.9:r1::::::
	cpe:2.3:a:ivanti:connect_secure:21.12:r1::::::
	cpe:2.3:a:ivanti:connect_secure:22.1:r1::::::
	cpe:2.3:a:ivanti:connect_secure:22.1:r6::::::
	cpe:2.3:a:ivanti:connect_secure:22.2:-::::::
	cpe:2.3:a:ivanti:connect_secure:22.2:r1::::::
	cpe:2.3:a:ivanti:connect_secure:22.3:r1::::::
	cpe:2.3:a:ivanti:connect_secure:22.4:r1::::::
	cpe:2.3:a:ivanti:connect_secure:22.4:r2.1::::::
	cpe:2.3:a:ivanti:connect_secure:22.6:-::::::
	cpe:2.3:a:ivanti:connect_secure:22.6:r1::::::
	cpe:2.3:a:ivanti:connect_secure:22.6:r2::::::
	cpe:2.3:a:ivanti:connect_secure:22.6:r2.1::::::
	cpe:2.3:a:ivanti:policy_secure:9.0:-::::::
	cpe:2.3:a:ivanti:policy_secure:9.0:r1::::::
	cpe:2.3:a:ivanti:policy_secure:9.0:r2::::::
	cpe:2.3:a:ivanti:policy_secure:9.0:r2.1::::::
cpe:2.3:a:ivanti:policy_secure:9.0:r3::::::
cpe:2.3:a:ivanti:policy_secure:9.0:r3.1::::::
cpe:2.3:a:ivanti:policy_secure:9.0:r4::::::
cpe:2.3:a:ivanti:policy_secure:9.1:-::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r1::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r10::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r11::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r12::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r13::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r13.1::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r14::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r15::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r16::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r17::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r18::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r18.1::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r18.2::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r2::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r3::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r3.1::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r4::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r4.1::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r4.2::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r4.3::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r5::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r6::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r7::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r8::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r8.1::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r8.2::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r9::::::
cpe:2.3:a:ivanti:policy_secure:22.1:r1::::::
cpe:2.3:a:ivanti:policy_secure:22.1:r6::::::
cpe:2.3:a:ivanti:policy_secure:22.2:r1::::::
cpe:2.3:a:ivanti:policy_secure:22.2:r3::::::
cpe:2.3:a:ivanti:policy_secure:22.3:r1::::::
cpe:2.3:a:ivanti:policy_secure:22.3:r3::::::
cpe:2.3:a:ivanti:policy_secure:22.4:r1::::::
cpe:2.3:a:ivanti:policy_secure:22.4:r2::::::
cpe:2.3:a:ivanti:policy_secure:22.4:r2.1::::::
cpe:2.3:a:ivanti:policy_secure:22.5:r1::::::
cpe:2.3:a:ivanti:policy_secure:22.6:r1::::::

History

No history.

Information

Published : 2024-01-31 18:15

Updated : 2024-01-31 19:53

NVD link : CVE-2024-21888

Mitre link : CVE-2024-21888

CVE.ORG link : CVE-2024-21888

JSON object : View

Products Affected

ivanti

connect_secure
policy_secure

CWE

NVD-CWE-noinfo

8.8 /10