vulnerability
Pulse Secure Pulse Connect Secure: Security Advisory Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), Ivanti Secure Access Client (ISAC) (Multiple CVEs)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:M/C:C/I:C/A:C) | Nov 11, 2024 | Nov 14, 2024 | Mar 26, 2026 |
Severity
8
CVSS
(AV:N/AC:L/Au:M/C:C/I:C/A:C)
Published
Nov 11, 2024
Added
Nov 14, 2024
Modified
Mar 26, 2026
Description
Argument injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Solution
pulse-secure-pulse-connect-secure-upgrade-22_7r2_1
References
- CVE-2024-38655
- https://attackerkb.com/topics/CVE-2024-38655
- https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs?language=en_US
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-37701
- CWE-88
- EUVD-EUVD-2024-37701
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.