CVE-2024-10644

Published Feb 11, 2025

Last updated a year ago

CVSS critical 9.1
ICS

Overview

AI description

Automated description summarized from trusted sources.

CVE-2024-10644 is a code injection vulnerability found in Ivanti Connect Secure (versions prior to 22.7R2.4) and Ivanti Policy Secure (versions prior to 22.7R1.3). This vulnerability allows a remote, authenticated attacker with administrator privileges to execute arbitrary code. This vulnerability, along with others, was addressed by Ivanti in security updates released on February 11, 2025. Users of affected Ivanti products are strongly encouraged to update to the latest versions to mitigate the risk posed by this vulnerability. The latest versions are Ivanti Connect Secure 22.7R2.6 and Ivanti Policy Secure 22.7R1.3. It's important to note that this information is current as of February 14, 2025, and may change as new information becomes available.

Description
Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Source
3c1d8aa1-5a33-4ea4-8992-aadd6440af75
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.1
Impact score
6
Exploitability score
2.3
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

3c1d8aa1-5a33-4ea4-8992-aadd6440af75
CWE-94

Social media

Hype score
Not currently trending

  1. 🚨 Critical security flaws discovered in Ivanti products could allow attackers to execute arbitrary code remotely. The vulnerabilities (CVE-2024-38657, CVE-2025-22467, CVE-2024-10644, and CVE-2024-47908) impact Ivanti Connect Secure, Policy Secure, and Cloud Services… https://t.

    @achi_tech

    13 Feb 2025

    53 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 Critical security flaws discovered in Ivanti products could allow attackers to execute arbitrary code remotely. The vulnerabilities (CVE-2024-38657, CVE-2025-22467, CVE-2024-10644, and CVE-2024-47908) impact Ivanti Connect Secure, Policy Secure, and Cloud Services… https://t.

    @TheHackersNews

    12 Feb 2025

    16353 Impressions

    62 Retweets

    128 Likes

    15 Bookmarks

    2 Replies

    3 Quotes

  3. 🚨 CVE-2024-10644 ⚠️🔴 CRITICAL (9.1) 🏢 Ivanti - Connect Secure 🏗️ 22.7R2.4 🔗 https://t.co/kxEDS8mT9E #CyberCron #VulnAlert https://t.co/amotH519Yt

    @cybercronai

    11 Feb 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. [CVE-2024-10644: CRITICAL] Critical code injection vulnerability in Ivanti Connect Secure & Policy Secure allows remote attackers to achieve remote code execution. Update to version 22.7R2.4 or 22.7R1.3 immediately.#cybersecurity,#vulnerability https://t.co/MXhNGsNV3d https:/

    @CveFindCom

    11 Feb 2025

    62 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Related CVEs

  1. CVE-2024-10085
  2. Android Framework Integer Overflow VulnerabilityCVE-2025-48595
  3. A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel intended solely for vehicle-charger signaling. The service is accessible on interfaces exposed through the charging connector, and it accepts a default administrative credential. A malicious device physically connected to the charging interface could leverage this misconfiguration to obtain full administrative access.CVE-2026-9039
  4. Ubiquiti UniFi OS Improper Access Control VulnerabilityCVE-2026-34908
  5. Ubiquiti UniFi OS Path Traversal VulnerabilityCVE-2026-34909

References

Sources include official advisories and independent security research.