Lucene search
HistoryApr 04, 2024 - 8:15 p.m.
CVE-2024-22053
heap overflow
ivanti connect secure
ipsec
dos attack
memory read
8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
7 High
AI Score
Confidence
Low
0.0005 Low
EPSS
Percentile
16.8%
A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x
22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack or in certain conditions read contents from memory.
Affected configurations
Node
ivanticonnect_secureMatch9.1r1
ORivanticonnect_secureMatch9.1r10
ORivanticonnect_secureMatch9.1r11
ORivanticonnect_secureMatch9.1r11.5
ORivanticonnect_secureMatch9.1r12
ORivanticonnect_secureMatch9.1r13
ORivanticonnect_secureMatch9.1r14lts
ORivanticonnect_secureMatch9.1r15
ORivanticonnect_secureMatch9.1r16
ORivanticonnect_secureMatch9.1r17
ORivanticonnect_secureMatch9.1r18
ORivanticonnect_secureMatch9.1r2
ORivanticonnect_secureMatch9.1r3
ORivanticonnect_secureMatch9.1r4
ORivanticonnect_secureMatch9.1r4.1
ORivanticonnect_secureMatch9.1r4.2
ORivanticonnect_secureMatch9.1r4.3
ORivanticonnect_secureMatch9.1r5
ORivanticonnect_secureMatch9.1r6
ORivanticonnect_secureMatch9.1r7
ORivanticonnect_secureMatch9.1r8
ORivanticonnect_secureMatch9.1r9
ORivanticonnect_secureMatch22.1
ORivanticonnect_secureMatch22.2
ORivanticonnect_secureMatch22.3
ORivanticonnect_secureMatch22.4
ORivanticonnect_secureMatch22.5
ORivanticonnect_secureMatch22.6
ORivantipolicy_secureMatch9.0-
ORivantipolicy_secureMatch9.0r1
ORivantipolicy_secureMatch9.0r2
ORivantipolicy_secureMatch9.0r2.1
ORivantipolicy_secureMatch9.0r3
ORivantipolicy_secureMatch9.0r3.1
ORivantipolicy_secureMatch9.0r4
ORivantipolicy_secureMatch9.1-
ORivantipolicy_secureMatch9.1r1
ORivantipolicy_secureMatch9.1r10
ORivantipolicy_secureMatch9.1r11
ORivantipolicy_secureMatch9.1r12
ORivantipolicy_secureMatch9.1r13
ORivantipolicy_secureMatch9.1r14
ORivantipolicy_secureMatch9.1r15
ORivantipolicy_secureMatch9.1r16
ORivantipolicy_secureMatch9.1r17
ORivantipolicy_secureMatch9.1r18
ORivantipolicy_secureMatch9.1r2
ORivantipolicy_secureMatch9.1r3
ORivantipolicy_secureMatch9.1r4
ORivantipolicy_secureMatch9.1r5
ORivantipolicy_secureMatch9.1r6
ORivantipolicy_secureMatch9.1r7
ORivantipolicy_secureMatch9.1r8
ORivantipolicy_secureMatch9.1r9
ORivantipolicy_secureMatch22.1
ORivantipolicy_secureMatch22.2
ORivantipolicy_secureMatch22.3
ORivantipolicy_secureMatch22.4
ORivantipolicy_secureMatch22.5
ORivantipolicy_secureMatch22.6
CNA Affected
[
{
"defaultStatus": "unaffected",
"vendor": "Ivanti",
"product": "Connect Secure",
"versions": [
{
"version": "22.1R6.2",
"status": "affected",
"lessThan": "22.1R6.2",
"versionType": "semver"
},
{
"version": "22.2R4.2",
"status": "affected",
"lessThan": "22.2R4.2",
"versionType": "semver"
},
{
"version": "22.3R1.2",
"status": "affected",
"lessThan": "22.3R1.2",
"versionType": "semver"
},
{
"version": "22.4R1.2",
"status": "affected",
"lessThan": "22.4R1.2",
"versionType": "semver"
},
{
"version": "22.4R2.4",
"status": "affected",
"lessThan": "22.4R2.4",
"versionType": "semver"
},
{
"version": "22.5R1.3",
"status": "affected",
"lessThan": "22.5R1.3",
"versionType": "semver"
},
{
"version": "22.5R2.4",
"status": "affected",
"lessThan": "22.5R2.4",
"versionType": "semver"
},
{
"version": "22.6R2.3",
"status": "affected",
"lessThan": "22.6R2.3",
"versionType": "semver"
},
{
"version": "9.1R14.6",
"status": "affected",
"lessThan": "9.1R14.6",
"versionType": "semver"
},
{
"version": "9.1R15.4",
"status": "affected",
"lessThan": "9.1R15.4",
"versionType": "semver"
},
{
"version": "9.1R16.4",
"status": "affected",
"lessThan": "9.1R16.4",
"versionType": "semver"
},
{
"version": "9.1R17.4",
"status": "affected",
"lessThan": "9.1R17.4",
"versionType": "semver"
},
{
"version": "9.1R18.5",
"status": "affected",
"lessThan": "9.1R18.5",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"vendor": "Ivanti",
"product": "Policy Secure",
"versions": [
{
"version": "22.4R1.2",
"status": "affected",
"lessThan": "22.4R1.2",
"versionType": "semver"
},
{
"version": "22.5R1.3",
"status": "affected",
"lessThan": "22.5R1.3",
"versionType": "semver"
},
{
"version": "22.6R1.2",
"status": "affected",
"lessThan": "22.6R1.2",
"versionType": "semver"
},
{
"version": "9.1R16.4",
"status": "affected",
"lessThan": "9.1R16.4",
"versionType": "semver"
},
{
"version": "9.1R17.4",
"status": "affected",
"lessThan": "9.1R17.4",
"versionType": "semver"
},
{
"version": "9.1R18.5",
"status": "affected",
"lessThan": "9.1R18.5",
"versionType": "semver"
}
]
}
]Social References
More
Related
cvelist
cvelist
CVE-2024-22053
2024-04-04 19:45:10
nvd
nvd
CVE-2024-22053
2024-04-04 20:15:08
nessus
nessus
Ivanti Connect Secure 9.x / 22.x Multiple Vulnerabilities (CVE-2024-21894)
2024-04-04 00:00:00
Ivanti Policy Secure 9.x / 22.x Multiple Vulnerabilities (CVE-2024-21894)
2024-04-04 00:00:00
thn
thn
Ivanti Rushes Patches for 4 New Flaws in Connect Secure and Policy Secure
2024-04-04 04:45:00
8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
7 High
AI Score
Confidence
Low
0.0005 Low
EPSS
Percentile
16.8%
Related for CVE-2024-22053