Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges.
A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Connect_secure | Ivanti | * | 9.1 (excluding) |
| Connect_secure | Ivanti | 9.1 (excluding) | 22.7 (excluding) |
| Connect_secure | Ivanti | 22.7 (including) | 22.7 (including) |
| Connect_secure | Ivanti | 22.7-r1 (including) | 22.7-r1 (including) |
| Connect_secure | Ivanti | 22.7-r1.1 (including) | 22.7-r1.1 (including) |
| Connect_secure | Ivanti | 22.7-r1.2 (including) | 22.7-r1.2 (including) |
| Connect_secure | Ivanti | 22.7-r1.3 (including) | 22.7-r1.3 (including) |
| Connect_secure | Ivanti | 22.7-r1.4 (including) | 22.7-r1.4 (including) |
| Connect_secure | Ivanti | 22.7-r1.5 (including) | 22.7-r1.5 (including) |
| Connect_secure | Ivanti | 22.7-r2 (including) | 22.7-r2 (including) |
| Connect_secure | Ivanti | 22.7-r2.1 (including) | 22.7-r2.1 (including) |
| Connect_secure | Ivanti | 22.7-r2.2 (including) | 22.7-r2.2 (including) |
| Policy_secure | Ivanti | * | 9.1 (excluding) |
| Policy_secure | Ivanti | 9.1 (excluding) | 22.7 (excluding) |
| Policy_secure | Ivanti | 22.7-r1 (including) | 22.7-r1 (including) |
| Policy_secure | Ivanti | 22.7-r1.1 (including) | 22.7-r1.1 (including) |