Ivanti Connect Secure Vulnerability Could Lead to DoS Attacks
CVE-2024-22052
Summary
Ivanti Connect Secure and Policy Secure Gateways are impacted by multiple vulnerabilities, including heap overflow, null pointer dereference, and XML entity expansion flaws. These vulnerabilities could allow unauthenticated attackers to launch denial-of-service (DoS) attacks or execute arbitrary code. Ivanti has released security updates to mitigate these risks, and applying the patches with the highest priority is strongly recommended. While there is no evidence of these vulnerabilities being exploited in the wild, organizations are advised to strengthen monitoring and detection capabilities to identify any related suspicious activity. Overall, these vulnerabilities pose a significant threat to availability.
Affected Version(s)
Connect Secure 22.1R6.2
Connect Secure 22.2R4.2
Connect Secure 22.3R1.2
News Articles
Multiple Ivanti Connect Secure Flaw Let Attackers Execute Remote Code
Ivanti Connect Secure and Policy Secure Gateways have been discovered with four new vulnerabilities which were associated with heap overflow,
10 months ago
WARNING: IVANTI RELEASES SECURITY UPDATES TO ADDRESS VULNERABILITIES IMPACTING IVANTI CONNECT SECURE AND IVANTI POLICY SECURE GATEWAYS, PATCH IMMEDIATELY!
Three of the disclosed vulnerabilities (CVE-2024-21894, CVE-2024-22052 and CVE-2024-22052) are related to memory mismanagement within the IPsec component of Iva
10 months ago
Timeline
Vulnerability published
First article discovered by BleepingComputer