CVE-2024-10630

7.8 HIGH

📋 TL;DR

A race condition vulnerability in Ivanti Application Control Engine allows authenticated local attackers to bypass application blocking controls. This affects organizations using Ivanti Application Control Engine versions before 10.14.4.0 to restrict application execution on endpoints.

💻 Affected Systems

Products:
  • Ivanti Application Control Engine
Versions: All versions before 10.14.4.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all deployments using application blocking functionality. Requires local authenticated access to exploit.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An authenticated attacker could execute arbitrary malicious applications that should be blocked by policy, potentially leading to privilege escalation, data exfiltration, or lateral movement within the network.

🟠 Likely Case

Local users with standard privileges could bypass application restrictions to run unauthorized software, violating security policies and potentially introducing malware.

🟢 If Mitigated

With proper network segmentation and endpoint monitoring, the impact would be limited to the local system with minimal lateral movement capability.

🌐 Internet-Facing: LOW - This requires local authenticated access, not directly exploitable from the internet.
🏢 Internal Only: HIGH - This affects internal endpoints where users have local authentication, potentially allowing policy bypass across the organization.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires timing attacks (race condition) and local authenticated access. No public exploit code available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.14.4.0

Vendor Advisory: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Application-Control-Engine-CVE-2024-10630

Restart Required: No

Instructions:

1. Download Ivanti Application Control Engine version 10.14.4.0 or later from the Ivanti portal.
2. Deploy the update through your standard patch management process.
3. Verify the update was successful by checking the version number.

🔧 Temporary Workarounds

Restrict Local User Privileges

all

Limit local user privileges to reduce the attack surface for authenticated exploitation.

🧯 If You Can't Patch

  • Implement strict network segmentation to limit lateral movement from potentially compromised endpoints.
  • Enhance endpoint monitoring for unusual application execution patterns that might indicate bypass attempts.

🔍 How to Verify

Check if Vulnerable:

Check the Ivanti Application Control Engine version in the management console or via 'wmic product get name,version' command on Windows endpoints.

Check Version:

wmic product where "name like 'Ivanti Application Control Engine%'" get version

Verify Fix Applied:

Confirm the version is 10.14.4.0 or later in the management console or via version check commands.
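The check above compares version strings by eye; a script that reads the installed version and compares it as a real version object avoids the classic mistake of string-sorting "10.9" above "10.14". The following PowerShell is an added example, not Ivanti's code or tooling. It assumes the product is registered under Programs and Features with a DisplayName beginning "Ivanti Application Control Engine" (the page only gives the equivalent wmic name pattern), and it reads the Uninstall registry keys instead of Win32_Product because 'wmic product' is slow, triggers MSI consistency checks, and wmic itself is deprecated on current Windows releases.

```powershell
# Added example, not Ivanti's code: report whether this Windows endpoint runs a
# build of Ivanti Application Control Engine older than the fixed 10.14.4.0.
# ASSUMPTION: the product appears under Programs and Features with a DisplayName
# starting "Ivanti Application Control Engine" (the advisory only gives the
# equivalent wmic name pattern); adjust $NamePattern if your inventory differs.

$FixedVersion = [version]'10.14.4.0'
$NamePattern  = 'Ivanti Application Control Engine*'

function Get-AceInstalledVersion {
    # Read the Uninstall registry keys (native and WOW6432Node views) rather than
    # Win32_Product: 'wmic product' is slow and triggers MSI consistency checks,
    # and wmic itself is deprecated on current Windows releases.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $NamePattern } |
        ForEach-Object {
            $parsed = $null
            if ([version]::TryParse([string]$_.DisplayVersion, [ref]$parsed)) {
                $parsed
            } else {
                Write-Warning "Cannot parse DisplayVersion '$($_.DisplayVersion)' for '$($_.DisplayName)'"
            }
        }
}

function Test-AceVulnerable {
    param([Parameter(Mandatory)][version]$Installed)
    # Compare as [version], never as strings: '10.9.0.0' sorts after '10.14.4.0'
    # lexically but is the older, vulnerable build.
    return ($Installed -lt $FixedVersion)
}

$installed = @(Get-AceInstalledVersion)
if ($installed.Count -eq 0) {
    Write-Output ("{0}: no product matching '{1}' is installed" -f $env:COMPUTERNAME, $NamePattern)
} else {
    foreach ($v in $installed) {
        $state = if (Test-AceVulnerable -Installed $v) {
            'VULNERABLE to CVE-2024-10630, update to 10.14.4.0 or later'
        } else {
            'PATCHED'
        }
        Write-Output ("{0}: version {1} - {2}" -f $env:COMPUTERNAME, $v, $state)
    }
}
```

Run it locally on an endpoint, or wrap the whole script in Invoke-Command -ComputerName against a list of hosts to produce a fleet-wide vulnerable/patched report; a host that prints "no product matching" either does not run the engine or registers it under a different DisplayName, which is worth confirming in the management console rather than assuming it is safe.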

📡 Detection & Monitoring

Log Indicators:

  • Unusual application execution events in Ivanti Application Control logs
  • Multiple rapid application execution attempts that might indicate race condition exploitation

Network Indicators:

  • Unusual outbound connections from endpoints that should have restricted application access

SIEM Query:

source="ivanti_ace" AND (event_type="application_execution" AND result="bypassed")
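The second log indicator above, many rapid execution attempts against the same binary, is a burst pattern rather than a single event, so a SIEM query alone will not surface it. The PowerShell below is an added example, not Ivanti's code or log format: it parses a constructed set of Application Control-style events, groups them by endpoint, user and path, and alerts when a sliding window contains too many blocked attempts. The column layout, the five-attempts-in-ten-seconds threshold, and the BLOCKED/ALLOWED action names are all assumptions to be mapped onto your real export.

```powershell
# Added example, not Ivanti's code or log format: flag bursts of blocked
# execution attempts against one binary by one user, the "multiple rapid
# attempts" pattern that may indicate someone probing the race condition.
# The sample below is CONSTRUCTED; map the columns to the fields your
# Application Control export actually provides.

# ASSUMPTION: 5 or more blocked attempts inside a 10 second window is alert-worthy.
$Threshold     = 5
$WindowSeconds = 10

# Constructed sample, one event per line: time | endpoint | user | action | path
$SampleLog = @'
2024-11-01T09:00:01Z WS-017 CORP\alice BLOCKED C:\Users\alice\Downloads\tool.exe
2024-11-01T09:00:01Z WS-017 CORP\alice BLOCKED C:\Users\alice\Downloads\tool.exe
2024-11-01T09:00:02Z WS-017 CORP\alice BLOCKED C:\Users\alice\Downloads\tool.exe
2024-11-01T09:00:02Z WS-017 CORP\alice BLOCKED C:\Users\alice\Downloads\tool.exe
2024-11-01T09:00:03Z WS-017 CORP\alice BLOCKED C:\Users\alice\Downloads\tool.exe
2024-11-01T09:00:03Z WS-017 CORP\alice ALLOWED C:\Users\alice\Downloads\tool.exe
2024-11-01T09:05:00Z WS-022 CORP\bob   BLOCKED C:\Temp\setup.exe
2024-11-01T09:30:00Z WS-022 CORP\bob   BLOCKED C:\Temp\setup.exe
'@

function ConvertFrom-AceLogLine {
    param([string]$Line)
    $parts = $Line.Trim() -split '\s+', 5
    if ($parts.Count -lt 5) { return $null }   # skip blank or malformed lines
    [pscustomobject]@{
        Time     = [datetimeoffset]::Parse($parts[0], [cultureinfo]::InvariantCulture).UtcDateTime
        Endpoint = $parts[1]
        User     = $parts[2]
        Action   = $parts[3]
        Path     = $parts[4]   # may contain spaces; the -split limit keeps it whole
    }
}

function Find-AceExecutionBurst {
    param(
        [string[]]$Lines,
        [int]$Threshold = 5,
        [int]$WindowSeconds = 10
    )
    $events = @($Lines | ForEach-Object { ConvertFrom-AceLogLine $_ } | Where-Object { $null -ne $_ })
    foreach ($group in ($events | Group-Object Endpoint, User, Path)) {
        $blocked = @($group.Group | Where-Object { $_.Action -eq 'BLOCKED' } |
                     Sort-Object Time | Select-Object -ExpandProperty Time)
        # Sliding window over the sorted timestamps of this endpoint/user/path.
        for ($i = 0; $i -lt $blocked.Count; $i++) {
            $j = $i
            while ($j -lt $blocked.Count -and ($blocked[$j] - $blocked[$i]).TotalSeconds -le $WindowSeconds) { $j++ }
            if (($j - $i) -ge $Threshold) {
                $first    = $group.Group[0]
                $burstEnd = $blocked[$j - 1]
                # An ALLOWED event for the same path at or after the burst is the
                # strongest signal: the binary that policy kept blocking finally ran.
                $ranAfter = @($group.Group | Where-Object { $_.Action -eq 'ALLOWED' -and $_.Time -ge $burstEnd }).Count -gt 0
                [pscustomobject]@{
                    Endpoint        = $first.Endpoint
                    User            = $first.User
                    Path            = $first.Path
                    BlockedAttempts = $j - $i
                    WindowStart     = $blocked[$i]
                    WindowEnd       = $burstEnd
                    RanAfterBurst   = $ranAfter
                }
                break   # one alert per endpoint/user/path is enough
            }
        }
    }
}

$lines = $SampleLog -split "`r?`n"
Find-AceExecutionBurst -Lines $lines -Threshold $Threshold -WindowSeconds $WindowSeconds | Format-Table -AutoSize
```

On the constructed sample the five blocked attempts from alice within two seconds produce one alert with RanAfterBurst set, while bob's two attempts 25 minutes apart produce none. Tune the threshold against a baseline of your own logs first: legitimate installers and auto-updaters can retry a blocked launch several times, so the RanAfterBurst flag is what separates a noisy user from an execution that should never have succeeded.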
