Cyber Resilience

CVE-2024-9420

High

Published: 12 November 2024
Modified: 13 March 2025
KEV added: no (not listed in the CISA KEV catalog)
Patch: available; see the referenced Ivanti advisory
CVSS v3.1 score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.1864 (95.4th percentile)
Risk priority: 29 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-9420 is a high-severity Use After Free (CWE-416) vulnerability in Ivanti Connect Secure. Its CVSS base score is 8.8 (High).

Operationally, it ranks in the top 4.6% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

Deeper analysis

A use-after-free vulnerability tracked as CVE-2024-9420 affects Ivanti Connect Secure prior to versions 22.7R2.3 and 9.1R18.9, as well as Ivanti Policy Secure prior to version 22.7R1.2. The flaw, classified as CWE-416, carries a CVSS 3.1 score of 8.8, reflecting a network attack vector, low attack complexity, and low required privileges.

A remote authenticated attacker can trigger the use-after-free condition to achieve remote code execution on the affected appliances. The attack requires no user interaction and can result in full compromise of confidentiality, integrity, and availability.

The referenced Ivanti security advisory addresses this issue along with additional CVEs and supplies the corresponding patched releases for both Connect Secure and Policy Secure products.

EPSS for the vulnerability rose from a low baseline to a peak of 0.2906 on 2025-12-11 before receding to the current value of 0.1864, indicating that exploitation interest increased after public disclosure.

Vulnerability details

A use-after-free in Ivanti Connect Secure before versions 22.7R2.3 and 9.1R18.9, and in Ivanti Policy Secure before version 22.7R1.2, allows a remote authenticated attacker to achieve remote code execution.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

- Ivanti Connect Secure: versions 22.7, 9.1; ≤ 9.1; 21.9 to 22.7
- Ivanti Policy Secure: version 22.7; ≤ 22.7

Mitigating Controls

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

- Non-executable pages and ASLR (addresses CWE-416): use-after-free exploits that achieve arbitrary code execution are blocked or significantly hardened by non-executable memory pages and ASLR.
