CVE-2024-38657 Ivanti — Exploit & Vulnerability Details MEDIUM

Parameter	Value
CVSS	4.9 (MEDIUM)
Affected Versions	before 22.7
Fixed In	22.7
Type	CWE-73 (External Control of File Name or Path)
Vendor	Ivanti
Public PoC	No

External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to write arbitrary files.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

High

Admin privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

None

No data leak

Integrity

High

Complete data modification

Availability

None

No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-73 External Control of File Name or Path

Vulnerable Products 17

Configuration	From (including)	Up to (excluding)
Ivanti Connect_Secure cpe:2.3:a:ivanti:connect_secure::::::::	—	`22.7`
Ivanti Connect_Secure cpe:2.3:a:ivanti:connect_secure:22.7:-::::::	—	—
Ivanti Connect_Secure cpe:2.3:a:ivanti:connect_secure:22.7:r1::::::	—	—
Ivanti Connect_Secure cpe:2.3:a:ivanti:connect_secure:22.7:r1.1::::::	—	—
Ivanti Connect_Secure cpe:2.3:a:ivanti:connect_secure:22.7:r1.2::::::	—	—
Ivanti Connect_Secure cpe:2.3:a:ivanti:connect_secure:22.7:r1.3::::::	—	—
Ivanti Connect_Secure cpe:2.3:a:ivanti:connect_secure:22.7:r1.4::::::	—	—
Ivanti Connect_Secure cpe:2.3:a:ivanti:connect_secure:22.7:r1.5::::::	—	—
Ivanti Connect_Secure cpe:2.3:a:ivanti:connect_secure:22.7:r2::::::	—	—
Ivanti Connect_Secure cpe:2.3:a:ivanti:connect_secure:22.7:r2.1::::::	—	—
Ivanti Connect_Secure cpe:2.3:a:ivanti:connect_secure:22.7:r2.2::::::	—	—
Ivanti Connect_Secure cpe:2.3:a:ivanti:connect_secure:22.7:r2.3::::::	—	—
Ivanti Policy_Secure cpe:2.3:a:ivanti:policy_secure::::::::	—	`22.7`
Ivanti Policy_Secure cpe:2.3:a:ivanti:policy_secure:22.7:-::::::	—	—
Ivanti Policy_Secure cpe:2.3:a:ivanti:policy_secure:22.7:r1::::::	—	—
Ivanti Policy_Secure cpe:2.3:a:ivanti:policy_secure:22.7:r1.1::::::	—	—
Ivanti Policy_Secure cpe:2.3:a:ivanti:policy_secure:22.7:r1.2::::::	—	—

References 1

https://forums.ivanti.com/s/article/February-Security-Advisory-Ivanti-Connect-S…

support@hackerone.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-1281

Ivanti

9.8

CVE-2025-10918

Ivanti

7.1

CVE-2025-22454

Ivanti

7.8

CVE-2025-22467

Ivanti

8.8

CVE-2024-47908

Ivanti

7.2

Menu

CVE-2024-38657

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

Vulnerable Products 17

References 1

Related Vulnerabilities

CVE-2026-1281

CVE-2025-10918

CVE-2025-22454

CVE-2025-22467

CVE-2024-47908

CVE Details

Editor's Choice

Menu

CVE-2024-38657

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

Vulnerable Products 17

References 1

Related Vulnerabilities

CVE-2026-1281

CVE-2025-10918

CVE-2025-22454

CVE-2025-22467

CVE-2024-47908

CVE Details

Editor's Choice

Stay informed on cybersecurity