Ivanti Connect Secure Vulnerability Could Lead to DoS Attacks
Key Information
- Vendor: Ivanti
- Status
- Connect Secure
- Policy Secure
- Vendor
- CVE Published: 4 April 2024
Summary
The Ivanti Connect Secure and Policy Secure Gateways are impacted by multiple vulnerabilities, including heap overflow, null pointer dereference, and XML entity expansion flaws. These vulnerabilities could allow unauthenticated attackers to launch denial-of-service (DoS) attacks or execute arbitrary code. Ivanti has released security updates to mitigate these risks, with a strong recommendation to apply the patches with the highest priority. While there is no evidence of these vulnerabilities being exploited in the wild, organizations are advised to bolster monitoring and detection capabilities to identify any related suspicious activity. Overall, these vulnerabilities pose a significant threat to system availability.
News Articles
Multiple Ivanti Connect Secure Flaw Let Attackers Execute Remote Code
Ivanti Connect Secure and Policy Secure Gateways have been discovered with four new vulnerabilities which were associated with heap overflow,
5 months ago
WARNING: IVANTI RELEASES SECURITY UPDATES TO ADDRESS VULNERABILITIES IMPACTING IVANTI CONNECT SECURE AND IVANTI POLICY SECURE GATEWAYS, PATCH IMMEDIATELY!
Three of the disclosed vulnerabilities (CVE-2024-21894, CVE-2024-22052 and CVE-2024-22052) are related to memory mismanagement within the IPsec component of Iva
6 months ago
CVSS V3.1
Timeline
Vulnerability published.
First article discovered by BleepingComputer