CVE-2024-10644

Critical CVSS 9.1

Overview

Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CWE: CWE-94 Published: 2025-02-11T16:15:38.360

Risk analysis

This vulnerability is rated 🔴 CRITICAL.

CVSS: 9.1 (CRITICAL)
Detected tags: rce (tag impact: VERY HIGH)

Recommended actions:

Patch/upgrade immediately (remote code execution).
Reduce exposure (WAF/segmentation), minimize attack surface.

Overview

Recommended tools

Tags