What is CVE-2024-37404?

A high-severity vulnerability in Ivanti Connect Secure and Policy Secure could allow remote authenticated attackers to execute arbitrary code. Immediate action is required to mitigate risks associated with this flaw.

What is the severity of CVE-2024-37404?

CVE-2024-37404 has a severity rating of HIGH with a CVSS base score of 8.8.

CVE-2024-37404 | High Vulnerability in Ivanti Connect Secure & Policy Secure

CVE-2024-37404 represents a high-severity vulnerability affecting Ivanti Connect Secure and Policy Secure. The flaw arises from improper input validation in the admin portal of Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.9, as well as Ivanti Policy Secure before version 22.7R1.1. This vulnerability allows remote authenticated attackers to achieve remote code execution, presenting significant risks to organizations that utilize these products.

The CVSS score of 8.8 indicates that this vulnerability is classified as high severity, underscoring the critical need for organizations to address this issue promptly. The potential for exploitation is considerable, especially given that the attack vector is through the network, and the attack complexity is low. Risk to organizations includes unauthorized remote execution of code, which could lead to severe consequences such as data breaches or system compromises.

Currently, there are no public exploits confirmed for this vulnerability, and it is not included in the Known Exploited Vulnerabilities (KEV) catalog. However, organizations using affected versions of the software should prioritize remediation to mitigate any potential risks. Organizations should prioritize patching immediately.

Given the critical nature of this vulnerability, it is essential for security teams to stay informed about any updates or patches released by Ivanti. Timely action is crucial to prevent potential exploitation and safeguard sensitive information.

Vulnerability Details

The official description for CVE-2024-37404 indicates that improper input validation in the admin portal of Ivanti Connect Secure and Ivanti Policy Secure versions prior to the specified patches enables attackers to perform remote code execution. The vulnerability affects both Ivanti Connect Secure and Policy Secure, with the most recent versions being 22.7R2.1 and 9.1R18.9, respectively.

The CVSS score of 8.8 categorizes this vulnerability as high severity, which signifies the potential for significant impact on confidentiality, integrity, and availability. The attack vector is network-based, requiring low complexity and only low privileges, thus making it easier for attackers to exploit the vulnerability.

The vulnerability was published on October 18, 2024, and the affected products are Ivanti Connect Secure and Policy Secure. No CWE classification is currently available.

Technical Analysis

The root cause of CVE-2024-37404 is related to improper input validation within the admin portal. This flaw allows unauthorized users to input malicious code, which can then be executed remotely. The attack vector is a network, meaning that attackers do not require physical access to exploit the vulnerability.

Given the low complexity of the attack, even those with low privileges could potentially execute malicious commands. User interaction is not required, further increasing the risk. The impact on confidentiality, integrity, and availability is high, making this a critical vulnerability for organizations using Ivanti products.

Risk & Impact Analysis

Organizations utilizing Ivanti Connect Secure and Policy Secure should be aware of the significant risks associated with CVE-2024-37404. The potential for unauthorized remote code execution poses a serious threat, particularly in environments where sensitive data is processed or stored.

Risk to organizations includes data loss, unauthorized access, and potential operational disruption. The vulnerability's high CVSS score of 8.8 indicates that it should be prioritized in the patching cycle, especially given that exploitation could lead to severe consequences.

Organizations should assess their exposure to this vulnerability and implement necessary mitigations, including applying any available patches and ensuring secure configurations are in place. Given the high severity of this vulnerability, organizations should address in priority patch cycle.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected versions of Ivanti Connect Secure include versions prior to 22.7R2.1 and 9.1R18.9, while Ivanti Policy Secure is affected prior to version 22.7R1.1. Organizations using these versions should take immediate action to upgrade and secure their systems.

Mitigation & Remediation

To mitigate the risks associated with CVE-2024-37404, organizations should apply the latest patches provided by Ivanti for Connect Secure and Policy Secure. The recommended versions to upgrade to are 22.7R2.1 for Ivanti Connect Secure and 22.7R1.1 for Ivanti Policy Secure.

In cases where immediate patching is not feasible, organizations should implement workarounds to restrict access to the admin portal and monitor for any unusual activities that may indicate an attempt to exploit this vulnerability. Additionally, organizations should consider implementing configuration hardening measures to reduce the attack surface.

For continuous improvement in security posture, organizations may consider engaging in continuous security testing to identify and remediate similar vulnerabilities proactively.

Detection Guidance

Organizations should monitor logs for indicators of exploitation attempts, such as unusual access patterns to the admin portal or unexpected system changes that may suggest unauthorized code execution.

Behavioral anomalies in user activities, especially those related to administrative functions, should also be flagged for further investigation. Additionally, implementing network signatures can help detect potential exploit attempts.

AppSecure Threat Intelligence Insight

The CVE-2024-37404 vulnerability highlights a critical area for improvement in input validation processes within web applications. It serves as a reminder for security teams to regularly review and enhance their application's security mechanisms.

As organizations face an increasing number of sophisticated attacks, understanding the implications of such vulnerabilities can lead to more robust security frameworks. Teams should focus on developing a vulnerability management program that not only addresses existing vulnerabilities but also anticipates future threats.

Finally, adopting a proactive stance through regular security assessments, such as penetration testing, can help organizations stay ahead of emerging threats and fortify their defenses against exploitation.

Known Exploitation Timeline

Currently, there are no records indicating the vulnerability has been actively exploited in the wild.

EPSS Risk Context

The EPSS score of 0.8409 places CVE-2024-37404 in the 99.3 percentile, indicating a high probability of exploitation if left unmitigated. This highlights the urgency for organizations to act swiftly to remediate this vulnerability.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2024-37404: High Vulnerability in Ivanti Connect Secure & Policy Secure