Stack-Based Buffer Overflow in Ivanti Connect Secure and Policy Secure Products
CVE-2024-47909

4.9MEDIUM

Key Information:

Vendor: Ivanti
Status: Connect Secure; Policy Secure
Vendor: CVE Published:; 12 November 2024

Summary

A stack-based buffer overflow vulnerability exists in Ivanti Connect Secure and Ivanti Policy Secure, affecting versions prior to 22.7R2.3 and 22.7R1.2, respectively. This issue permits a remote authenticated attacker with administrative privileges to exploit the flaw, leading to potential denial of service conditions. Prompt updates are recommended to mitigate risks associated with this vulnerability.

Affected Version(s)

Connect Secure 22.7R2.3

Policy Secure 22.7R1.2

References

https://forums.ivanti.com/s/article/Security-Advisory-Iva...

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2024