CVE-2024-8540

HIGH

Ivanti Sentry <10.1.0 - Privilege Escalation

Title source: llm

Description

Insecure permissions in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 allow a local authenticated attacker to modify sensitive application components.

References (1)

Core 1

Core References

Vendor Advisory

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2024-8540

Scores

CVSS v3 8.8

EPSS 0.0025

EPSS Percentile 15.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-732

Status published

Products (2)

ivanti/standalone_sentry 10.0.1

ivanti/standalone_sentry < 9.20.2

Published Dec 10, 2024

Tracked Since Feb 18, 2026