Heap Overflow Vulnerability in Ivanti Connect Secure Allows for DoS Attacks and Memory Reads
CVE-2024-22053

8.2HIGH

Key Information:

Vendor

Ivanti
Status
Connect Secure
Policy Secure
Vendor
CVE Published:
4 April 2024

Badges

đź“° News Worthy

What is CVE-2024-22053?

A heap overflow vulnerability exists in the IPSec component of Ivanti Connect Secure and Ivanti Policy Secure. This issue allows unauthenticated users to craft and send specific requests to the affected services. As a result, this could lead to service crashes, effectively causing a Denial of Service (DoS), and in certain scenarios, may allow malicious actors to read sensitive memory contents. It is crucial for organizations using these products to assess their security posture and implement necessary mitigations.

Affected Version(s)

Connect Secure 22.1R6.2

Connect Secure 22.2R4.2

Connect Secure 22.3R1.2

News Articles

favicon imageHelp Net Security

Ivanti vows to transform its security operating model, reveals new vulnerabilities - Help Net Security

Ivanti has released patches for four new DoS vulnerabilities affecting Ivanti Connect Secure and Policy Secure.

References

https://forums.ivanti.com/s/article/New-CVE-2024-21894-He...

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • đź“°

    First article discovered by Help Net Security

  • Vulnerability published

.
CVE-2024-22053 : Heap Overflow Vulnerability in Ivanti Connect Secure Allows for DoS Attacks and Memory Reads