CVE-2024-22052NULL Pointer Dereference in Ivanti Connect Secure

CWE-476NULL Pointer DereferenceCWE-703Improper Check or Handling of Exceptional Conditions4 documents4 sources
Severity
7.5HIGHNVD
EPSS
4.1%
top 11.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Ivanti Connect SecureIvanti Policy Secure
Timeline
PublishedApr 4

Description

A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

CVEListV5ivanti/policy_secure22.4R1.222.4R1.2+5
CVEListV5ivanti/connect_secure22.1R6.222.1R6.2+12
NVDivanti/policy_secure8 versions+7
NVDivanti/connect_secure7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-5rw8-2rrx-mf5m: A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (92024-04-04
CVEList
CVE-2024-22052: A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (92024-04-04

📋Vendor Advisories

1
Ivanti
Ivanti Connect Secure Null Pointer Dereference
CVE-2024-22052 — NULL Pointer Dereference in Ivanti | cvebase