CVE-2024-47906

High

Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before…

ivanti·CWE-267·Published 2024-11-12

CVSS

7.8

EPSS

0.00

KEV

Exploits

cve.orgen

239 chars

Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges.

NVDen

239 chars

NVDes

273 chars

Los privilegios binarios excesivos en Ivanti Connect Secure, que afectan a las versiones 22.4R2 a 22.7R2.2 inclusive dentro de la línea de lanzamiento R2 y a Ivanti Policy Secure anterior a la versión 22.7R1.2, permiten que un atacante autenticado local escale privilegios.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	7.8	—	—	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H