Platform
ivanti
Component
ivanti-connect-secure
Fixed in
22.7R2.4
22.7R1.3
CVE-2024-10644 describes a critical remote code execution (RCE) vulnerability affecting Ivanti Connect Secure versions up to and including 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3. An authenticated attacker with administrative privileges can exploit this flaw to inject arbitrary code, potentially gaining complete control over the affected system. A fix is available in version 22.7R2.4, and immediate patching is strongly recommended.
The impact of CVE-2024-10644 is severe. Successful exploitation allows a remote, authenticated administrator to execute arbitrary code on the Ivanti Connect Secure server. This can lead to complete system compromise, including data exfiltration, privilege escalation, and the installation of persistent malware. Attackers could leverage this access to pivot to other systems within the network, leading to widespread lateral movement and a significant blast radius. Given the nature of Ivanti Connect Secure as a gateway for remote access, a successful attack could expose sensitive internal resources and intellectual property. The requirement for admin privileges, while a barrier, does not negate the severity, as attackers may attempt to compromise accounts with these privileges.
CVE-2024-10644 has garnered significant attention due to its critical severity and potential for widespread exploitation. It was publicly disclosed on 2025-02-11. While no active exploitation campaigns have been definitively confirmed as of this writing, the availability of a remote code execution vulnerability with administrative privilege requirements makes it a high-value target for attackers. The vulnerability is tracked on CISA KEV, indicating a heightened risk of exploitation. Public proof-of-concept exploits are anticipated and should be monitored for.
Exploit Status
EPSS
6.84% (91% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-10644 is to immediately upgrade Ivanti Connect Secure to version 22.7R2.4 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. While no specific WAF rules are publicly available, restricting access to potentially vulnerable endpoints and implementing strict authentication policies can help reduce the attack surface. Monitor system logs for suspicious activity, particularly attempts to execute commands or access sensitive files. After upgrading, verify the fix by attempting to reproduce the vulnerability using known exploitation techniques (if available) or by reviewing Ivanti's security advisory for confirmation.
Update Ivanti Connect Secure to version 22.7R2.4 or later. This will address the code injection vulnerability that allows remote code execution.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2024-10644 is a critical remote code execution vulnerability in Ivanti Connect Secure versions up to 22.7R2.4. An authenticated admin can inject code, potentially leading to full system compromise.
You are affected if you are running Ivanti Connect Secure versions prior to 22.7R2.4. Check your version and upgrade immediately.
Upgrade Ivanti Connect Secure to version 22.7R2.4 or later. If immediate upgrade is not possible, implement temporary workarounds as described in the advisory.
While no active exploitation campaigns have been definitively confirmed, the vulnerability's severity and ease of exploitation make it a high-value target, and exploitation is likely.
Refer to the official Ivanti Security Advisory for detailed information and mitigation steps: [https://www.ivanti.com/support/security-advisories/SB0063](https://www.ivanti.com/support/security-advisories/SB0063)
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.