📦

connect_secure

Vendor: ivanti

Login to add this product to WatchStack
Actively Exploited 14 CISA KEV List
PoC / Exploits 11 Code Available
Total RCEs 34 Remote Access
Total CVEs 184 Total Indexed
Avg. EPSS 13.96% Exploit Prob.
Latest CVE CVE-2025-8712 Sep 09

Security Vulnerability Index

Page 5 / 19
9.1 CVSS
CVE-2024-38656
RCE

Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

EPSS: 14.31%
7.2 CVSS
CVE-2024-38655
RCE

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.1 and 9.1R18.9 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

EPSS: 18.28%
7.5 CVSS
CVE-2024-38649

An out-of-bounds write in IPsec of Ivanti Connect Secure before version 22.7R2.1(Not Applicable to 9.1Rx) allows a remote unauthenticated attacker to cause a denial of service.

EPSS: 5.88%
7.5 CVSS
CVE-2024-37400

An out of bounds read in Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to trigger an infinite loop, causing a denial of service.

EPSS: 5.01%
9.1 CVSS
CVE-2024-11006
RCE

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.

EPSS: 22.17%
9.1 CVSS
CVE-2024-11005
RCE

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.

EPSS: 22.17%
6.1 CVSS
CVE-2024-11004

Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.

EPSS: 0.37%
8.8 CVSS
CVE-2024-9420
RCE

A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution

EPSS: 18.64%
7.5 CVSS
CVE-2024-8495

A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to cause a denial of service.

EPSS: 5.08%
4.9 CVSS
CVE-2024-47909
RCE

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.

EPSS: 1.62%