Remote Attacker Can Cause Service Disruptions with Improper Check for Unusual or Exceptional Conditions Vulnerability
CVE-2024-29205

7.5HIGH

Key Information:

Vendor: Ivanti
Status: Connect Secure; Policy Secure
Vendor: CVE Published:; 25 April 2024

Summary

An improper check for unusual or exceptional conditions exists in the web component of Ivanti Connect Secure and Ivanti Policy Secure. This flaw allows remote unauthenticated attackers to exploit the vulnerability by sending specially crafted requests to the affected systems, potentially leading to service disruptions. Entities using these products should be aware of the risk and take necessary measures to secure their environments against potential exploitation by malicious actors.

Affected Version(s)

Connect Secure 9.1R18.5

Connect Secure 22.6R2.3

Connect Secure 9.1R17.4

References

https://forums.ivanti.com/s/article/SA-CVE-2024-21894-Hea...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 25, 2024

Collectors

NVD DatabaseMitre Database