CVE-2024-22053Out-of-bounds Write in Ivanti Connect Secure

CWE-787Out-of-bounds WriteCWE-703Improper Check or Handling of Exceptional Conditions4 documents4 sources
Severity
8.2HIGHNVD
EPSS
7.4%
top 8.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Ivanti Connect SecureIvanti Policy Secure
Timeline
PublishedApr 4

Description

A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack or in certain conditions read contents from memory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:HExploitability: 3.9 | Impact: 4.2

Affected Packages4 packages

CVEListV5ivanti/policy_secure22.4R1.222.4R1.2+5
CVEListV5ivanti/connect_secure22.1R6.222.1R6.2+12
NVDivanti/policy_secure8 versions+7
NVDivanti/connect_secure7 versions+6

🔴Vulnerability Details

2
CVEList
CVE-2024-22053: A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (92024-04-04
GHSA
GHSA-vmgj-7wpp-x799: A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (92024-04-04

📋Vendor Advisories

1
Ivanti
Ivanti Connect Secure Heap Overflow in IPSec
CVE-2024-22053 — Out-of-bounds Write in Ivanti | cvebase