CVE-2024-10644

9.1 CRITICAL

📋 TL;DR

This vulnerability allows remote authenticated administrators to inject malicious code into Ivanti Connect Secure and Policy Secure systems, leading to remote code execution. Organizations using affected versions of these VPN and policy management products are at risk.

💻 Affected Systems

Products:
  • Ivanti Connect Secure
  • Ivanti Policy Secure
Versions: Connect Secure before 22.7R2.4, Policy Secure before 22.7R1.3
Operating Systems: Appliance OS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires admin privileges to exploit. All default configurations with admin accounts are vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise allowing attacker to establish persistent access, steal credentials, pivot to internal networks, and deploy ransomware or other malware.

🟠 Likely Case

Attacker gains administrative control of the Ivanti appliance, can intercept VPN traffic, modify policies, and access connected internal resources.

🟢 If Mitigated

Limited impact if strong network segmentation, admin account monitoring, and least privilege principles are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires admin credentials but is straightforward once authenticated. Similar Ivanti vulnerabilities have been actively exploited in the wild.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Connect Secure 22.7R2.4, Policy Secure 22.7R1.3

Vendor Advisory: https://forums.ivanti.com/s/article/February-Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-and-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs

Restart Required: Yes

Instructions:

1. Download the patch from Ivanti support portal.
2. Backup current configuration.
3. Apply patch via admin interface.
4. Restart appliance.
5. Verify patch installation and functionality.

🔧 Temporary Workarounds

Restrict Admin Access

all

Limit admin account access to specific IP addresses and implement multi-factor authentication.

Network Segmentation

all

Place Ivanti appliances in DMZ with strict firewall rules limiting inbound/outbound connections.

🧯 If You Can't Patch

  • Isolate affected systems from critical networks and implement strict network access controls.
  • Monitor admin account activity aggressively and implement session timeouts for admin interfaces.

🔍 How to Verify

Check if Vulnerable:

Check version in Ivanti admin interface under System > Maintenance > Version Information.

Check Version:

ssh admin@ivanti-appliance 'show version' or check web admin interface

Verify Fix Applied:

Verify version shows 22.7R2.4 or later for Connect Secure, 22.7R1.3 or later for Policy Secure.
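The version check above is easy to get wrong with a plain string comparison (for example "22.7R2.10" sorts before "22.7R2.4" as text). The following added helper, not part of this advisory or any Ivanti tooling, parses the release format the page uses (<major>.<minor>R<release>.<patch>) numerically and compares it against the fixed versions given above. It assumes the version string appears somewhere in the text you pass in, such as the version page or a command's output.

```python
import re
from typing import Tuple

# Fixed versions named in this advisory, keyed by product.
FIXED_VERSIONS = {
    "Ivanti Connect Secure": "22.7R2.4",
    "Ivanti Policy Secure": "22.7R1.3",
}

# Ivanti release strings look like "22.7R2.4": <major>.<minor>R<release>[.<patch>]
# (assumed format, derived from the version numbers quoted on this page).
_VERSION_RE = re.compile(r"(\d+)\.(\d+)R(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Return (major, minor, release, patch) for the first version string found in text.

    A missing patch component (e.g. "22.7R2") is treated as patch 0. Components are
    compared as integers so that 22.7R2.10 correctly ranks above 22.7R2.4.
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Ivanti-style version string found in {text!r}")
    major, minor, release, patch = m.groups()
    return (int(major), int(minor), int(release), int(patch or 0))


def is_vulnerable(product: str, version_text: str) -> bool:
    """True when the installed version is older than the fixed version for the product."""
    if product not in FIXED_VERSIONS:
        raise ValueError(f"no fixed version known for {product!r}")
    return parse_version(version_text) < parse_version(FIXED_VERSIONS[product])


if __name__ == "__main__":
    # Constructed sample inputs; the banner text is illustrative, not real CLI output.
    for product, text in [
        ("Ivanti Connect Secure", "Version: 22.7R2.3 (build 1234)"),
        ("Ivanti Connect Secure", "22.7R2.4"),
        ("Ivanti Policy Secure", "22.7R1.3"),
        ("Ivanti Policy Secure", "22.6R2.5"),
    ]:
        state = "VULNERABLE" if is_vulnerable(product, text) else "fixed"
        print(f"{product}: {text!r} -> {state}")
```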

📡 Detection & Monitoring

Log Indicators:

  • Unusual admin login patterns
  • Unexpected configuration changes
  • Suspicious process execution in system logs

Network Indicators:

  • Unusual outbound connections from Ivanti appliance
  • Anomalous VPN traffic patterns

SIEM Query:

source="ivanti*" AND (event_type="admin_login" OR event_type="config_change") | stats count by user, src_ip

🔗 References
