CVE-2024-29205Improper Check or Handling of Exceptional Conditions in Ivanti Connect Secure

CWE-703Improper Check or Handling of Exceptional Conditions3 documents3 sources
Severity
7.5HIGHNVD
EPSS
2.7%
top 14.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Ivanti Connect SecureIvanti Policy Secure
Timeline
PublishedApr 25

Description

An Improper Check for Unusual or Exceptional Conditions vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a remote unauthenticated attacker to send specially crafted requests in-order-to cause service disruptions.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5ivanti/policy_secure22.5R1.322.5R1.3+3
CVEListV5ivanti/connect_secure9.1R18.59.1R18.5+14

🔴Vulnerability Details

2
GHSA
GHSA-cv75-h25f-pjqj: An Improper Check for Unusual or Exceptional Conditions vulnerability in the web component of Ivanti Connect Secure (92024-04-25
CVEList
CVE-2024-29205: An Improper Check for Unusual or Exceptional Conditions vulnerability in the web component of Ivanti Connect Secure (92024-04-24
CVE-2024-29205 — Ivanti Connect Secure vulnerability | cvebase