CVE-2024-22053
published 2024-04-04CVE-2024-22053: A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send…
PriorityP350high8.2CVSS 3.1
AVNACLPRNUINSUCLINAH
EPSS
3.53%
87.8th percentile
A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x
22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack or in certain conditions read contents from memory.
Affected
36 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | connect_secure | — | — |
| ivanti | connect_secure | — | — |
| ivanti | connect_secure | — | — |
| ivanti | connect_secure | — | — |
| ivanti | connect_secure | — | — |
| ivanti | connect_secure | — | — |
| ivanti | connect_secure | — | — |
| ivanti | connect_secure | — | — |
| ivanti | connect_secure | >= 22.1R6.2 < 22.1R6.2 | 22.1R6.2 |
| ivanti | connect_secure | >= 22.2R4.2 < 22.2R4.2 | 22.2R4.2 |
| ivanti | connect_secure | >= 22.3R1.2 < 22.3R1.2 | 22.3R1.2 |
| ivanti | connect_secure | >= 22.4R1.2 < 22.4R1.2 | 22.4R1.2 |
| ivanti | connect_secure | >= 22.4R2.4 < 22.4R2.4 | 22.4R2.4 |
| ivanti | connect_secure | >= 22.5R1.3 < 22.5R1.3 | 22.5R1.3 |
| ivanti | connect_secure | >= 22.5R2.4 < 22.5R2.4 | 22.5R2.4 |
| ivanti | connect_secure | >= 22.6R2.3 < 22.6R2.3 | 22.6R2.3 |
| ivanti | connect_secure | >= 9.1R14.6 < 9.1R14.6 | 9.1R14.6 |
| ivanti | connect_secure | >= 9.1R15.4 < 9.1R15.4 | 9.1R15.4 |
| ivanti | connect_secure | >= 9.1R16.4 < 9.1R16.4 | 9.1R16.4 |
| ivanti | connect_secure | >= 9.1R17.4 < 9.1R17.4 | 9.1R17.4 |
| ivanti | connect_secure | >= 9.1R18.5 < 9.1R18.5 | 9.1R18.5 |
| ivanti | policy_secure | — | — |
| ivanti | policy_secure | — | — |
| ivanti | policy_secure | — | — |
| ivanti | policy_secure | — | — |
CVSS provenance
nvdv3.18.2HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
nvdv3.08.2HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-vmgj-7wpp-x799: A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9
ghsa_unreviewed·2024-04-04
CVE-2024-22053 [HIGH] CWE-703 GHSA-vmgj-7wpp-x799: A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9
A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x
22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack or in certain conditions read contents from memory.
Ivanti
Ivanti Connect Secure Heap Overflow in IPSec
vendor_ivanti·CVSS 8.2
CVE-2024-22053 [HIGH] Ivanti Connect Secure Heap Overflow in IPSec
Ivanti Connect Secure Heap Overflow in IPSec
CVE IDs: CVE-2024-22053
Affected products: Connect Secure, Policy Secure
No detection rules found.
No public exploits indexed.
https://forums.ivanti.com/s/article/New-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_UShttps://forums.ivanti.com/s/article/New-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
2024-04-04
Published