Heap Overflow Vulnerability in Ivanti Connect Secure Allows for DoS Attacks and Memory Reads
CVE-2024-22053

8.2HIGH

Key Information:

Vendor: Ivanti
Status: Connect Secure; Policy Secure
Vendor: CVE Published:; 4 April 2024

Badges

📰 News Worthy

What is CVE-2024-22053?

A heap overflow vulnerability exists in the IPSec component of Ivanti Connect Secure and Ivanti Policy Secure. This issue allows unauthenticated users to craft and send specific requests to the affected services. As a result, this could lead to service crashes, effectively causing a Denial of Service (DoS), and in certain scenarios, may allow malicious actors to read sensitive memory contents. It is crucial for organizations using these products to assess their security posture and implement necessary mitigations.

Affected Version(s)

Connect Secure 22.1R6.2

Connect Secure 22.2R4.2

Connect Secure 22.3R1.2

News Articles

Help Net Security

CVE-2024-21894 CVE-2024-22053

Ivanti vows to transform its security operating model, reveals new vulnerabilities - Help Net Security

Ivanti has released patches for four new DoS vulnerabilities affecting Ivanti Connect Secure and Policy Secure.

References

https://forums.ivanti.com/s/article/New-CVE-2024-21894-He...

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📰
First article discovered by Help Net Security
Apr 4, 2024
Vulnerability published
Apr 4, 2024