CVE-2024-37404

HIGH

Ivanti Connect Secure Authenticated Remote Code Execution via OpenSSL CRLF Injection

Title source: metasploit

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-37404. PoCs published by Richard Warren, Christophe De La Fuente, including Metasploit module exploits/linux/http/ivanti_connect_secure_rce_cve_2024_37404.

AI-analyzed exploit summary This Metasploit module exploits CVE-2024-37404, a CRLF injection vulnerability in Ivanti Connect Secure, to achieve authenticated remote code execution. It requires administrative credentials and a non-administrative user account to trigger the vulnerability via OpenSSL.

Description

Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1 allows a remote authenticated attacker to achieve remote code execution.

Exploits (1)

metasploit WORKING POC EXCELLENT

by Richard Warren, Christophe De La Fuente · rubypoclinux

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/ivanti_connect_secure_rce_cve_2024_37404.rb

View Code ZIP pw:eip

This Metasploit module exploits CVE-2024-37404, a CRLF injection vulnerability in Ivanti Connect Secure, to achieve authenticated remote code execution. It requires administrative credentials and a non-administrative user account to trigger the vulnerability via OpenSSL.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Ivanti Connect Secure (versions prior to 22.7R2.1)

Auth required

Prerequisites: Valid administrative credentials · Non-administrative user account · Target running vulnerable Ivanti Connect Secure version

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Patch, Vendor Advisory

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-and-Policy-Secure-CVE-2024-37404

Scores

CVSS v3 8.8

EPSS 0.6729

EPSS Percentile 99.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

Status published

Products (2)

ivanti/connect_secure 9.1 r1 (45 CPE variants)

ivanti/connect_secure 22.7 (5 CPE variants)

Published Oct 18, 2024

Tracked Since Feb 18, 2026