CVE-2024-11006

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Configurations

No configuration.

History

22 Nov 2024, 17:15

Type Values Removed Values Added
Summary (en) Command injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution. (en) Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.

13 Nov 2024, 17:01

Type Values Removed Values Added
Summary
  • (es) La inyección de comandos en Ivanti Connect Secure anterior a la versión 22.7R2.1 y en Ivanti Policy Secure anterior a la versión 22.7R1.1 permite que un atacante remoto autenticado con privilegios de administrador logre la ejecución remota de código.

12 Nov 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-12 17:15

Updated : 2024-11-22 17:15


NVD link : CVE-2024-11006

Mitre link : CVE-2024-11006

CVE.ORG link : CVE-2024-11006


JSON object : View

Products Affected

No product.

CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')