1. What is this vulnerability and why does it matter?
CVE-2024-37404 is an Improper Input Validation flaw in the administrative portal of Ivanti Connect Secure and Ivanti Policy Secure. It matters because it allows a remote authenticated attacker to achieve remote code execution (RCE). RCE is one of the most critical types of vulnerabilities: it lets an attacker execute arbitrary code on the affected system, potentially leading to full system compromise, data exfiltration, or further network penetration.
2. What are the CVSS score, severity level, and disclosure details?
The CVSS score for this vulnerability is 8.8. This indicates a High severity level. The vulnerability was published on October 18, 2024, at 23:06:49 UTC, and last modified on October 21, 2024, at 17:22:47 UTC.
3. Which products, vendors, systems, and versions are affected?
The affected products are Ivanti Connect Secure and Ivanti Policy Secure.
- For Ivanti Connect Secure, versions before 22.7R2.1 and versions before 9.1R18.9 are affected.
- For Ivanti Policy Secure, versions before 22.7R1.1 are affected.
The vendor is Ivanti.
4. What is the technical root cause and attack vector?
The technical root cause of CVE-2024-37404 is an Improper Input Validation vulnerability. This means the affected software fails to correctly validate or sanitize user-supplied input. The attack vector is through the administrative portal of the Ivanti products, requiring a remote authenticated attacker.
5. How can this vulnerability be exploited?
This vulnerability can be exploited by a remote authenticated attacker. By leveraging the Improper Input Validation flaw within the admin portal of Ivanti Connect Secure or Ivanti Policy Secure, an attacker can inject and execute malicious code on the vulnerable system. The specific method of exploitation would involve crafting malicious input that bypasses the deficient validation checks, leading to remote code execution.
6. What mitigation steps and patches are available?
To mitigate this vulnerability, users should upgrade their Ivanti Connect Secure and Ivanti Policy Secure installations to patched versions.
- For Ivanti Connect Secure, upgrade to version 22.7R2.1 or later, or 9.1R18.9 or later.
- For Ivanti Policy Secure, upgrade to version 22.7R1.1 or later.
These versions address the Improper Input Validation flaw.
7. How can vulnerable systems be detected?
Vulnerable systems can be detected by checking the version number of Ivanti Connect Secure and Ivanti Policy Secure installations.
- Systems running Ivanti Connect Secure versions older than 22.7R2.1 or older than 9.1R18.9 are vulnerable.
- Systems running Ivanti Policy Secure older than 22.7R1.1 are vulnerable.
Administrators should access their Ivanti product's system information or management interface to verify the installed software version.
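The version check described above, as an added example that is not part of the original page or of Ivanti's tooling: it parses version strings of the form used here (such as 22.7R2.1) and compares each install against the fixed releases listed on this page. The rule that a fix applies to installs on the same major release line, the function names, and the sample inventory are assumptions made for the example.

```python
import re

# Fixed releases exactly as listed on this page for CVE-2024-37404.
FIXED = {
    "Ivanti Connect Secure": ["22.7R2.1", "9.1R18.9"],
    "Ivanti Policy Secure": ["22.7R1.1"],
}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$")

def parse_version(text):
    """Turn '22.7R2.1' into (22, 7, 2, 1); a missing last part counts as 0."""
    match = VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in match.groups())

def is_vulnerable(product, version):
    """True if `version` is older than the fix that applies to its release line."""
    installed = parse_version(version)
    fixes = sorted(parse_version(v) for v in FIXED[product])
    # Assumption: a fix only covers installs on the same major release line,
    # so 9.1R18.9 is not flagged merely for being "before" 22.7R2.1.
    same_line = [f for f in fixes if f[0] == installed[0]]
    threshold = same_line[0] if same_line else fixes[-1]
    return installed < threshold

def audit(inventory):
    """Return (host, product, version, status) rows; bad input is surfaced, not dropped."""
    rows = []
    for host, product, version in inventory:
        try:
            status = "VULNERABLE" if is_vulnerable(product, version) else "patched"
        except (KeyError, ValueError):
            status = "UNKNOWN"  # unknown product or odd version string: check by hand
        rows.append((host, product, version, status))
    return rows

# Constructed sample inventory (hostnames and versions are made up for the example).
SAMPLE = [
    ("vpn-a.example.internal", "Ivanti Connect Secure", "22.7R2"),
    ("vpn-b.example.internal", "Ivanti Connect Secure", "9.1R18.9"),
    ("vpn-c.example.internal", "Ivanti Connect Secure", "9.1R18.8"),
    ("nac-a.example.internal", "Ivanti Policy Secure", "22.7R1.1"),
    ("nac-b.example.internal", "Ivanti Policy Secure", "9.1R17"),
    ("vpn-d.example.internal", "Ivanti Connect Secure", "22.7r2.1-build"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print("{:<26} {:<22} {:<16} {}".format(*row))
```

Rows marked UNKNOWN are version strings the parser does not recognise and need a manual check rather than being treated as patched.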
10. What public intelligence references and advisories exist?
The primary public intelligence reference for this vulnerability is its CVE identifier, CVE-2024-37404. Additional advisories would typically be found on the Ivanti security advisories page or through national cybersecurity agencies once published.
11. What is the risk assessment and urgency level?
The risk assessment for CVE-2024-37404 is High, with a CVSS score of 8.8. The urgency level is critical due to the potential for remote code execution by an authenticated attacker. RCE can lead to complete compromise of the affected device, potentially impacting the confidentiality, integrity, and availability of connected systems and data. Organizations using affected versions should prioritize patching immediately.