📦

connect_secure

Vendor: ivanti

Login to add this product to WatchStack
Actively Exploited 14 CISA KEV List
PoC / Exploits 11 Code Available
Total RCEs 34 Remote Access
Total CVEs 184 Total Indexed
Avg. EPSS 13.96% Exploit Prob.
Latest CVE CVE-2025-8712 Sep 09

Security Vulnerability Index

Page 4 / 19
Critical Target
9.0 CVSS
CVE-2025-0282
Exploit Found

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.

EPSS: 94.13%
7.5 CVSS
CVE-2024-37401

An out-of-bounds read in IPsec of Ivanti Connect Secure before version 22.7R2.1 allows a remote unauthenticated attacker to cause a denial of service.

EPSS: 7.66%
7.5 CVSS
CVE-2024-37377
RCE

A heap-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.

EPSS: 4.68%
7.1 CVSS
CVE-2024-9844

Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker to bypass restrictions.

EPSS: 0.44%
9.1 CVSS
CVE-2024-11634
RCE

Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. (Not applicable to 9.1Rx)

EPSS: 14.23%
9.1 CVSS
CVE-2024-11633
RCE

Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution

EPSS: 12.69%
9.1 CVSS
CVE-2024-39712
RCE

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

EPSS: 12.41%
9.1 CVSS
CVE-2024-39711
RCE

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

EPSS: 12.41%
9.1 CVSS
CVE-2024-39710
RCE

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

EPSS: 12.41%
7.8 CVSS
CVE-2024-39709

Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1 (Not Applicable to 9.1Rx) allow a local authenticated attacker to escalate their privileges.

EPSS: 0.12%