Shodan
Vulnerabilities
Vulnerable Software
Ivanti:  Security Vulnerabilities
CVE-2024-50318
A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.
CVSS Score
7.5
EPSS Score
0.011
Published
2024-11-12
CVE-2024-50319
An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.
CVSS Score
7.5
EPSS Score
0.011
Published
2024-11-12
CVE-2024-50320
An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.
CVSS Score
7.5
EPSS Score
0.312
Published
2024-11-12
CVE-2024-47905
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.
CVSS Score
4.9
EPSS Score
0.011
Published
2024-11-12
CVE-2024-47906
Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges.
CVSS Score
7.8
EPSS Score
0.002
Published
2024-11-12
CVE-2024-47907
A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.
CVSS Score
7.5
EPSS Score
0.015
Published
2024-11-12
CVE-2024-11007
Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVSS Score
9.1
EPSS Score
0.017
Published
2024-11-12
CVE-2024-29213
Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector.
CVSS Score
7.8
EPSS Score
0.002
Published
2024-10-18
CVE-2024-29821
Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector.
CVSS Score
7.8
EPSS Score
0.002
Published
2024-10-18
CVE-2024-37404
Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1 allows a remote authenticated attacker to achieve remote code execution.
CVSS Score
9.1
EPSS Score
0.673
Published
2024-10-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved