Ivanti Connect Secure Vulnerability Could Lead to DoS Attacks

Summary

The Ivanti Connect Secure and Policy Secure Gateways are impacted by multiple vulnerabilities, including heap overflow, null pointer dereference, and XML entity expansion flaws. These vulnerabilities could allow unauthenticated attackers to launch denial-of-service (DoS) attacks or execute arbitrary code. Ivanti has released security updates to mitigate these risks, with a strong recommendation to apply the patches with the highest priority. While there is no evidence of these vulnerabilities being exploited in the wild, organizations are advised to bolster monitoring and detection capabilities to identify any related suspicious activity. Overall, these vulnerabilities pose a significant threat to the availability of information security.

News Articles

GBHackers on Security

CVE-2024-21894CVE-2024-22052

Multiple Ivanti Connect Secure Flaw Let Attackers Execute Remote Code

Ivanti Connect Secure and Policy Secure Gateways has been discovered with four new vulnerabilities which were associated with Heap overflow,

5 months ago

| Cert

CVE-2024-21894CVE-2024-22052

WARNING: IVANTI RELEASES SECURITY UPDATES TO ADDRESS VULNERABILITIES IMPACTING IVANTI CONNECT SECURE AND IVANTI POLICY SECURE GATEWAYS, PATCH IMMEDIATELY!

Three of the disclosed vulnerabilities (CVE-2024-21894, CVE-2024-22052 and CVE-2024-22052) are related memory mismanagement within the IPsec component of Iva

6 months ago

| Cert

CVE-2024-21894CVE-2024-22052

WARNING: IVANTI RELEASES SECURITY UPDATES TO ADDRESS VULNERABILITIES IMPACTING IVANTI CONNECT SECURE AND IVANTI POLICY SECURE GATEWAYS, PATCH IMMEDIATELY!

Three of the disclosed vulnerabilities (CVE-2024-21894, CVE-2024-22052 and CVE-2024-22052) are related memory mismanagement within the IPsec component of Iva

6 months ago

More News...