Heap Overflow Vulnerability in Ivanti Connect Secure Allows for DoS Attacks and Memory Reads
CVE-2024-22053
8.2 HIGH
Key Information
- Vendor: Ivanti
- Status
- Connect Secure
- Policy Secure
- Vendor
- CVE Published: 4 April 2024
Badges
📰 News Worthy
Summary
A heap overflow vulnerability in the IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in order to crash the service, thereby causing a DoS attack, or in certain conditions to read contents from memory.
Affected Version(s)
Connect Secure < 22.1R6.2
Connect Secure < 22.2R4.2
Connect Secure < 22.3R1.2
CVSS V3.1
Score: 8.2
Severity: HIGH
Confidentiality: Low
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
First article discovered by Help Net Security
Vulnerability published.
Collectors
NVD Database, Mitre Database, 1 News Article(s)