Lucene search

[email protected]CVE-2024-21894

HistoryApr 04, 2024 - 11:15 p.m.

CVE-2024-21894

2024-04-0423:15:15

CWE-787

[email protected]

web.nvd.nist.gov

heap overflow

ivanti connect secure

policy secure

ipsec

dos attack

arbitrary code execution

cve-2024-21894

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

8.1 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.001 Low

EPSS

Percentile

38.9%

JSON

A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack. In certain conditions this may lead to execution of arbitrary code

CPENameOperatorVersion
ivanti:connect_secureivanti connect secureeq9.1
ivanti:connect_secureivanti connect secureeq22.1
ivanti:connect_secureivanti connect secureeq22.2
ivanti:connect_secureivanti connect secureeq22.3
ivanti:connect_secureivanti connect secureeq22.4
ivanti:connect_secureivanti connect secureeq22.5
ivanti:connect_secureivanti connect secureeq22.6
ivanti:policy_secureivanti policy secureeq9.0
ivanti:policy_secureivanti policy secureeq9.1
ivanti:policy_secureivanti policy secureeq22.1

CPE	Name	Operator	Version
ivanti:connect_secure	ivanti connect secure	eq	9.1
ivanti:connect_secure	ivanti connect secure	eq	22.1
ivanti:connect_secure	ivanti connect secure	eq	22.2
ivanti:connect_secure	ivanti connect secure	eq	22.3
ivanti:connect_secure	ivanti connect secure	eq	22.4
ivanti:connect_secure	ivanti connect secure	eq	22.5
ivanti:connect_secure	ivanti connect secure	eq	22.6
ivanti:policy_secure	ivanti policy secure	eq	9.0
ivanti:policy_secure	ivanti policy secure	eq	9.1
ivanti:policy_secure	ivanti policy secure	eq	22.1

Rows per page:

1-10 of 151

References

forums.ivanti.com/s/article/SA-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US

Social References

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

8.1 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.001 Low

EPSS

Percentile

38.9%

JSON

Related for CVE-2024-21894

cvelist1 nessus2 thn1