CVE-2024-13843

Q: What is the severity of CVE-2024-13843?

CVE-2024-13843 has a CVSS score of 6.0 (MEDIUM). This vulnerability allows local authenticated administrators on Ivanti Connect Secure and Policy Secure systems to read sensitive data stored in cleartext. It affects organizations using these Ivanti products before specific patched versions. The risk is limited to users with administrative access to the affected systems.

6.0 MEDIUM

📋 TL;DR

This vulnerability allows local authenticated administrators on Ivanti Connect Secure and Policy Secure systems to read sensitive data stored in cleartext. It affects organizations using these Ivanti products before specific patched versions. The risk is limited to users with administrative access to the affected systems.

💻 Affected Systems

Products:

Ivanti Connect Secure
Ivanti Policy Secure

Versions: Connect Secure before 22.7R2.6, Policy Secure before 22.7R1.3

Operating Systems: All supported Ivanti appliance OS versions

Default Config Vulnerable: ⚠️ Yes

Notes: Requires local authenticated admin access. Does not affect Ivanti Secure Access Client.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Administrator credentials or other sensitive authentication data could be extracted, potentially leading to lateral movement or privilege escalation within the network.

🟠

Likely Case

Local administrators could access configuration files containing passwords, API keys, or other sensitive information stored without encryption.

🟢

If Mitigated

With proper access controls and monitoring, impact is limited to authorized administrators who should already have access to sensitive system data.

🌐 Internet-Facing: LOW

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires existing admin-level access to the system, making this primarily an insider threat or post-compromise issue.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Connect Secure 22.7R2.6 or later, Policy Secure 22.7R1.3 or later

Vendor Advisory: https://forums.ivanti.com/s/article/February-Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-and-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs

Restart Required: Yes

Instructions:

1. Download the appropriate patch from Ivanti support portal. 2. Backup current configuration. 3. Apply patch via web admin interface or CLI. 4. Reboot the appliance. 5. Verify successful update.

🔧 Temporary Workarounds

Restrict administrative access

all

Limit the number of users with administrative privileges and implement strict access controls.

Implement monitoring and auditing

all

Enable detailed logging of administrative actions and regularly review access logs.

🧯 If You Can't Patch

Implement strict principle of least privilege for administrative accounts
Enable comprehensive logging and monitoring of all administrative access to affected systems

🔍 How to Verify

Check if Vulnerable:

Check the appliance version via web admin interface (System > Maintenance > Version) or CLI command 'show version'

Check Version:

show version

Verify Fix Applied:

Verify version is at least Connect Secure 22.7R2.6 or Policy Secure 22.7R1.3, then check that sensitive data files are no longer stored in cleartext

📡 Detection & Monitoring

Log Indicators:

Unusual administrative access patterns
Access to sensitive configuration files by administrators
Failed attempts to access protected files

Network Indicators:

Unusual administrative SSH or web console connections
Data exfiltration from administrative interfaces

SIEM Query:

source="ivanti*" AND (event_type="file_access" OR user_role="admin") AND (file_path="*config*" OR file_path="*password*")

📊 Metadata

CVE ID: CVE-2024-13843

CVSS v3 Score: 6.0 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

CWE: CWE-312

EPSS Score: 0.09% exploit probability (25.1th percentile)

Published: February 11, 2025

Last Updated: February 20, 2025

🔗 References

https://forums.ivanti.com/s/article/February-Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-and-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Connect Secure by Ivanti

Connect Secure by Ivanti

Connect Secure by Ivanti

Connect Secure by Ivanti

Connect Secure by Ivanti

Connect Secure by Ivanti

Connect Secure by Ivanti

Connect Secure by Ivanti

Connect Secure by Ivanti

Connect Secure by Ivanti

Connect Secure by Ivanti

Connect Secure by Ivanti

Connect Secure by Ivanti

Policy Secure by Ivanti

Policy Secure by Ivanti

Policy Secure by Ivanti

Policy Secure by Ivanti

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Restrict administrative access

Implement monitoring and auditing

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities