Heap Overflow Vulnerability in Ivanti Connect Secure Allows for DoS Attacks and Memory Reads

CVE-2024-22053

8.2HIGH

Key Information

Vendor: Ivanti
Status: Connect Secure; Policy Secure
Vendor: CVE Published:; 4 April 2024

Badges

📰 News Worthy

Summary

A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack or in certain conditions read contents from memory.

Affected Version(s)

Connect Secure < 22.1R6.2

Connect Secure < 22.2R4.2

Connect Secure < 22.3R1.2

News Articles

Help Net Security

CVE-2024-21894CVE-2024-22053

Ivanti vows to transform its security operating model, reveals new vulnerabilities - Help Net Security

Ivanti has released patches for four new DoS vulnerabilities affecting Ivanti Connect Secure and Policy Secure.

6 months ago

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

First article discovered by Help Net Security
Apr 4, 2024
Vulnerability published.
Apr 4, 2024

Collectors

NVD DatabaseMitre Database1 News Article(s)