CVE-2024-10644: CWE-94 Improper Control of Generation of Code ('Code Injection') in Ivanti Connect Secure
CVE-2024-10644 is a critical code injection vulnerability in Ivanti Connect Secure and Ivanti Policy Secure products prior to versions 22.7R2.4 and 22.7R1.3, respectively. It allows a remote attacker with administrative privileges to execute arbitrary code on the affected system without user interaction. The vulnerability arises from improper control over code generation (CWE-94), enabling malicious input to be executed. Exploitation requires authentication with high privileges but can lead to full compromise of confidentiality, integrity, and availability. No known exploits are currently reported in the wild. The CVSS score is 9.1.
AI Analysis
Technical Summary
CVE-2024-10644 is a severe vulnerability classified under CWE-94, which involves improper control of code generation, commonly known as code injection. This flaw affects Ivanti Connect Secure versions prior to 22.7R2.4 and Ivanti Policy Secure versions prior to 22.7R1.3. The vulnerability allows a remote attacker who has authenticated with administrative privileges to inject and execute arbitrary code on the underlying system. The root cause is insufficient validation or sanitization of input that is used in code generation or execution contexts within the affected Ivanti products. Because the attacker must already have admin-level access, the vulnerability is primarily a post-authentication risk, but the impact is critical as it enables complete system compromise, including data theft, system manipulation, and denial of service. The CVSS v3.1 base score of 9.1 reflects the network attack vector, low attack complexity, required high privileges, no user interaction, and a scope change indicating that the vulnerability affects components beyond the initially vulnerable code. Although no public exploits have been reported yet, the critical nature of the vulnerability and the widespread use of Ivanti Connect Secure in enterprise VPN and remote access solutions make it a significant threat. The vulnerability was published on February 11, 2025, and organizations are urged to upgrade to the fixed versions or apply available mitigations promptly.
Potential Impact
The impact of CVE-2024-10644 is substantial for organizations globally that rely on Ivanti Connect Secure or Ivanti Policy Secure for remote access and VPN services. Successful exploitation allows attackers with administrative credentials to execute arbitrary code remotely, potentially leading to full system compromise. This can result in unauthorized access to sensitive data, disruption of remote access services, lateral movement within networks, and deployment of further malware or ransomware. Given the critical role of these products in securing remote connectivity, exploitation could severely impact business continuity, data confidentiality, and integrity. The vulnerability's requirement for admin privileges means that initial compromise or insider threats could be escalated to full control. Organizations in sectors such as finance, healthcare, government, and critical infrastructure, which often use Ivanti products for secure remote access, face heightened risk. The absence of known exploits in the wild currently provides a window for proactive defense, but the high CVSS score indicates that once exploited, the damage potential is severe.
Mitigation Recommendations
To mitigate CVE-2024-10644, organizations should immediately upgrade Ivanti Connect Secure to version 22.7R2.4 or later and Ivanti Policy Secure to version 22.7R1.3 or later once patches are available. Until patches are applied, restrict administrative access to the affected systems using network segmentation, VPN access controls, and multi-factor authentication to reduce the risk of credential compromise. Conduct thorough audits of admin accounts and monitor for unusual administrative activity. Employ strict input validation and code execution policies where possible, and consider deploying application-layer firewalls or intrusion detection systems tuned to detect anomalous behavior related to code injection attempts. Additionally, implement robust logging and alerting to detect potential exploitation attempts early. Regularly review and update incident response plans to address potential exploitation scenarios. Organizations should also educate administrators about the risks of privilege misuse and enforce the principle of least privilege to limit the number of users with admin rights.
Affected Countries
United States, United Kingdom, Germany, Canada, Australia, France, Japan, Netherlands, South Korea, India
Technical Details
- Data Version: 5.2
- Assigner Short Name: ivanti
- Date Reserved: 2024-10-31T19:32:56.456Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69a0a43885912abc71d61ad8
Added to database: 2/26/2026, 7:51:20 PM
Last enriched: 2/26/2026, 9:46:54 PM
Last updated: 2/26/2026, 10:50:42 PM