Heap Overflow Vulnerability in Ivanti Connect Secure Allows for DoS Attacks and Memory Reads
CVE-2024-22053
8.2 HIGH
What is CVE-2024-22053?
A heap overflow vulnerability exists in the IPSec component of Ivanti Connect Secure and Ivanti Policy Secure. It allows unauthenticated users to craft and send specific requests to the affected services. Such requests could crash the service, effectively causing a Denial of Service (DoS), and in certain scenarios may allow malicious actors to read sensitive memory contents. It is crucial for organizations using these products to assess their security posture and implement the necessary mitigations.
Affected Version(s)
Connect Secure 22.1R6.2
Connect Secure 22.2R4.2
Connect Secure 22.3R1.2