Stack-Based Buffer Overflow in Ivanti Connect Secure and Ivanti Policy Secure
CVE-2024-47905

4.9 MEDIUM

Key Information:

Vendor
Ivanti
CVE Published:
12 November 2024

Summary

A stack-based buffer overflow vulnerability exists in Ivanti Connect Secure versions prior to 22.7R2.3 and Ivanti Policy Secure versions prior to 22.7R1.2. A remote authenticated attacker with administrative privileges can exploit the flaw, potentially causing a denial of service condition. Organizations using these Ivanti products should upgrade to the patched versions immediately.

CVSS V3.1

Score:
4.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published