Security Advisory Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), Ivanti Secure Access Client (ISAC) (Multiple CVEs)
|
Brocade Security Advisory ID |
BSA-2025-2893 |
|
Component |
Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), Ivanti Secure Access Client (ISAC) |
|
|
|
Summary
Brocade Security Team has become aware of CVEs for Ivanti Connect Secure (ICS),Ivanti Policy Secure (IPS) and Ivanti Secure Access Client ISAC.
Vulnerability Details
| CVE Number | Description | CVSS Score (Severity) | CVSS Vector | CWE | Impacted Product(s) |
| CVE-2024-47905 | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service. | 4.9 (Medium) | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | CWE-121 | Connect Secure & Policy Secure |
| CVE-2024-37400 | An out of bounds read in Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to trigger an infinite loop, causing a denial of service. | 7.5 (High) | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | CWE-835, CWE-125 | Connect Secure |
| CVE-2024-9420 | A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution | 8.8 (High) | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | CWE-416 | Connect Secure & Policy Secure |
| CVE-2024-47906 | Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges. | 7.8 (High) | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | CWE-267, CWE-426 | Connect Secure & Policy Secure |
|
CVE-2024-47907 |
A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service. | 7.5 (High) | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | CWE-121 | Connect Secure |
| CVE-2024-47909 | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service. | 4.9 (Medium) | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | CWE-121 | Connect Secure & Policy Secure |
| CVE-2024-8495 | A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to cause a denial of service. | 7.5 (High) | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | CWE-476 | Connect Secure & Policy Secure |
| CVE-2024-38649 | An out-of-bounds write in IPsec of Ivanti Connect Secure before version 22.7R2.1(Not Applicable to 9.1Rx) allows a remote unauthenticated attacker to cause a denial of service. | 7.5 (High) | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | CWE-787 | Connect Secure |
| CVE-2024-38655 | Argument injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 9.1 (Critical) |
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
CWE-88 | Connect Secure & Policy Secure |
| CVE-2024-38656 | Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 9.1 (Critical) | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | CWE-434, CWE-88 | Connect Secure & Policy Secure |
|
CVE-2024-39709 |
Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1 (Not Applicable to 9.1Rx) allow a local authenticated attacker to escalate their privileges. | 7.8 (High) | CVSS3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | CWE-732 | Connect Secure & Policy Secure |
|
CVE-2024-39710 |
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 9.1 (Critical) | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | CWE-88 | Connect Secure & Policy Secure |
| CVE-2024-39711 | Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 9.1 (Critical) | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | CWE-88 | Connect Secure & Policy Secure |
| CVE-2024-39712 | Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 9.1 (Critical) | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | CWE-88 | Connect Secure & Policy Secure |
| CVE-2024-11007 | Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 9.1 (Critical) | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | CWE-78 | Connect Secure & Policy Secure |
| CVE-2024-11006 | Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 9.1 (Critical) | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | CWE-78 | Connect Secure & Policy Secure |
| CVE-2024-11005 | Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 9.1 (Critical) | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | CWE-78 | Connect Secure & Policy Secure |
| CVE-2024-11004 | Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required. | 6.1 (Medium) | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | CWE-79 | Connect Secure & Policy Secure |
| CVE-2024-8539 | Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files. | 7.1 (High) | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | CWE-267 |
Secure Access Client (Windows/Linux/macOS) |
| CVE-2024-38654 | Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges to cause a denial of service. | 4.4 (Medium) | CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | CWE-120 | Secure Access Client (Windows/Linux/macOS) |
| CVE-2024-9842 | Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders. | 7.3 (High) | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H | CWE-267, CWE-732 |
Secure Access Client (Windows only) |
| CVE-2024-9843 | A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service. | 5.0 (Medium) | CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H | CWE-126 | Secure Access Client (macOs only) |
| CVE-2024-29211 | A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive configuration files. | 7.1 (High) | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | CWE-362 | Secure Access Client (Windows/Linux/macOS) |
| CVE-2024-37398 | Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. | 7.8 (High) | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | CWE-267, CWE-347, CWE-427 | Secure Access Client (Windows only) |
|
CVE-2024-7571 |
Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. | 7.8 (High) | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | CWE-267 | Secure Access Client (Windows only) |
Products Affected
- No Brocade Fibre channel products from Broadcom Products are affected by these vulnerabilities.
- Brocade doesn't use Ivanti Connect Secure (ICS),Ivanti Policy Secure (IPS) and Ivanti Secure Access Client or any other Ivanti Products in its environment.
Revision History
|
Version |
Change |
Date |
|
1.0 |
Initial Publication |
Fabruary 3, 2025 |
Disclaimer
THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.