CVE-2024-21888

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jan 31, 2024

Summary

CVE-2024-21888 is a privilege escalation vulnerability affecting Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) web components. An attacker can exploit this flaw to gain administrator privileges, potentially compromising the targeted system. This vulnerability poses a significant risk for organizations using these Ivanti products and requires immediate attention for patching. Users should apply the latest security updates as soon as possible to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Ivanti Connect Secure
Ivanti Policy Secure

Affected Vendors

Ivanti Software Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uAV82n
https://www.cve.org/CVERecord?id=CVE-2024-21888
https://nvd.nist.gov/vuln/detail/CVE-2024-21888

Back to Vulnerability Database