CVE-2024-9420: Use After Free
First published: Tue Nov 12 2024(Updated: )
A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution
Credit: 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ivanti Connect Secure (ICS) VPN | <9.1 | |
| Ivanti Connect Secure (ICS) VPN | >=21.9<22.7 | |
| Ivanti Connect Secure (ICS) VPN | =9.1 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r1 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r1.0 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r10 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r10.0 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r10.2 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r11 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r11.0 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r11.1 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r11.3 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r11.4 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r11.5 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r12 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r12.1 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r12.2 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r13 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r13.1 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r14 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r14.4 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r15 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r15.2 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r16 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r16.1 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r17 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r17.1 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r17.2 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r18 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r18.1 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r18.2 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r18.3 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r18.7 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r18.8 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r2 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r2.0 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r3 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r3.0 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r4 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r4.0 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r4.1 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r4.2 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r4.3 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r5 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r5.0 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r6 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r6.0 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r7 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r7.0 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r8 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r8.0 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r8.1 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r8.2 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r8.4 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r9 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r9.0 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r9.1 | |
| Ivanti Connect Secure (ICS) VPN | =9.1-r9.2 | |
| Ivanti Connect Secure (ICS) VPN | =22.7 | |
| Ivanti Connect Secure (ICS) VPN | =22.7-r1 | |
| Ivanti Connect Secure (ICS) VPN | =22.7-r1.1 | |
| Ivanti Connect Secure (ICS) VPN | =22.7-r1.2 | |
| Ivanti Connect Secure (ICS) VPN | =22.7-r1.3 | |
| Ivanti Connect Secure (ICS) VPN | =22.7-r1.4 | |
| Ivanti Connect Secure (ICS) VPN | =22.7-r1.5 | |
| Ivanti Connect Secure (ICS) VPN | =22.7-r2 | |
| Ivanti Connect Secure (ICS) VPN | =22.7-r2.1 | |
| Ivanti Connect Secure (ICS) VPN | =22.7-r2.2 | |
| Pulse Policy Secure | <22.7 | |
| Pulse Policy Secure | =22.7 | |
| Pulse Policy Secure | =22.7-r1 | |
| Pulse Policy Secure | =22.7-r1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-9420?
CVE-2024-9420 is considered a critical vulnerability due to its potential to allow remote code execution.
How do I fix CVE-2024-9420?
To fix CVE-2024-9420, upgrade Ivanti Connect Secure and Ivanti Policy Secure to versions 22.7R2.3, 22.7R1.2, or later.
Who is affected by CVE-2024-9420?
CVE-2024-9420 affects users of Ivanti Connect Secure versions before 22.7R2.3 and Ivanti Policy Secure versions before 22.7R1.2.
What kind of attack can exploit CVE-2024-9420?
CVE-2024-9420 can be exploited by a remote authenticated attacker to execute arbitrary code.
What should I do if I cannot immediately patch CVE-2024-9420?
If you cannot immediately patch CVE-2024-9420, consider implementing additional security measures such as firewalls and monitoring user access.
- agent/weakness
- agent/references
- agent/type
- agent/first-publish-date
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/description
- agent/trending
- agent/epss
- collector/epss-latest
- source/FIRST
- agent/severity
- agent/last-modified-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/ivanti
- canonical/ivanti connect secure (ics) vpn
- version/ivanti connect secure (ics) vpn/21.9
- version/ivanti connect secure (ics) vpn/9.1
- version/ivanti connect secure (ics) vpn/9.1-r1
- version/ivanti connect secure (ics) vpn/9.1-r1.0
- version/ivanti connect secure (ics) vpn/9.1-r10
- version/ivanti connect secure (ics) vpn/9.1-r10.0
- version/ivanti connect secure (ics) vpn/9.1-r10.2
- version/ivanti connect secure (ics) vpn/9.1-r11
- version/ivanti connect secure (ics) vpn/9.1-r11.0
- version/ivanti connect secure (ics) vpn/9.1-r11.1
- version/ivanti connect secure (ics) vpn/9.1-r11.3
- version/ivanti connect secure (ics) vpn/9.1-r11.4
- version/ivanti connect secure (ics) vpn/9.1-r11.5
- version/ivanti connect secure (ics) vpn/9.1-r12
- version/ivanti connect secure (ics) vpn/9.1-r12.1
- version/ivanti connect secure (ics) vpn/9.1-r12.2
- version/ivanti connect secure (ics) vpn/9.1-r13
- version/ivanti connect secure (ics) vpn/9.1-r13.1
- version/ivanti connect secure (ics) vpn/9.1-r14
- version/ivanti connect secure (ics) vpn/9.1-r14.4
- version/ivanti connect secure (ics) vpn/9.1-r15
- version/ivanti connect secure (ics) vpn/9.1-r15.2
- version/ivanti connect secure (ics) vpn/9.1-r16
- version/ivanti connect secure (ics) vpn/9.1-r16.1
- version/ivanti connect secure (ics) vpn/9.1-r17
- version/ivanti connect secure (ics) vpn/9.1-r17.1
- version/ivanti connect secure (ics) vpn/9.1-r17.2
- version/ivanti connect secure (ics) vpn/9.1-r18
- version/ivanti connect secure (ics) vpn/9.1-r18.1
- version/ivanti connect secure (ics) vpn/9.1-r18.2
- version/ivanti connect secure (ics) vpn/9.1-r18.3
- version/ivanti connect secure (ics) vpn/9.1-r18.7
- version/ivanti connect secure (ics) vpn/9.1-r18.8
- version/ivanti connect secure (ics) vpn/9.1-r2
- version/ivanti connect secure (ics) vpn/9.1-r2.0
- version/ivanti connect secure (ics) vpn/9.1-r3
- version/ivanti connect secure (ics) vpn/9.1-r3.0
- version/ivanti connect secure (ics) vpn/9.1-r4
- version/ivanti connect secure (ics) vpn/9.1-r4.0
- version/ivanti connect secure (ics) vpn/9.1-r4.1
- version/ivanti connect secure (ics) vpn/9.1-r4.2
- version/ivanti connect secure (ics) vpn/9.1-r4.3
- version/ivanti connect secure (ics) vpn/9.1-r5
- version/ivanti connect secure (ics) vpn/9.1-r5.0
- version/ivanti connect secure (ics) vpn/9.1-r6
- version/ivanti connect secure (ics) vpn/9.1-r6.0
- version/ivanti connect secure (ics) vpn/9.1-r7
- version/ivanti connect secure (ics) vpn/9.1-r7.0
- version/ivanti connect secure (ics) vpn/9.1-r8
- version/ivanti connect secure (ics) vpn/9.1-r8.0
- version/ivanti connect secure (ics) vpn/9.1-r8.1
- version/ivanti connect secure (ics) vpn/9.1-r8.2
- version/ivanti connect secure (ics) vpn/9.1-r8.4
- version/ivanti connect secure (ics) vpn/9.1-r9
- version/ivanti connect secure (ics) vpn/9.1-r9.0
- version/ivanti connect secure (ics) vpn/9.1-r9.1
- version/ivanti connect secure (ics) vpn/9.1-r9.2
- version/ivanti connect secure (ics) vpn/22.7
- version/ivanti connect secure (ics) vpn/22.7-r1
- version/ivanti connect secure (ics) vpn/22.7-r1.1
- version/ivanti connect secure (ics) vpn/22.7-r1.2
- version/ivanti connect secure (ics) vpn/22.7-r1.3
- version/ivanti connect secure (ics) vpn/22.7-r1.4
- version/ivanti connect secure (ics) vpn/22.7-r1.5
- version/ivanti connect secure (ics) vpn/22.7-r2
- version/ivanti connect secure (ics) vpn/22.7-r2.1
- version/ivanti connect secure (ics) vpn/22.7-r2.2
- canonical/pulse policy secure
- version/pulse policy secure/22.7
- version/pulse policy secure/22.7-r1
- version/pulse policy secure/22.7-r1.1