CVE-2024-29205
Published 2024-04-25
Priority P347 · high · 7.5 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.58% (72.5th percentile)
An Improper Check for Unusual or Exceptional Conditions vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a remote unauthenticated attacker to send specially crafted requests in order to cause service disruptions.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | connect_secure | >= 22.1R6.2 < 22.1R6.2 | 22.1R6.2 |
| ivanti | connect_secure | >= 22.2R3 < 22.2R3 | 22.2R3 |
| ivanti | connect_secure | >= 22.2R4.2 < 22.2R4.2 | 22.2R4.2 |
| ivanti | connect_secure | >= 22.3R1.2 < 22.3R1.2 | 22.3R1.2 |
| ivanti | connect_secure | >= 22.4R1.2 < 22.4R1.2 | 22.4R1.2 |
| ivanti | connect_secure | >= 22.4R2.4 < 22.4R2.4 | 22.4R2.4 |
| ivanti | connect_secure | >= 22.5R1.3 < 22.5R1.3 | 22.5R1.3 |
| ivanti | connect_secure | >= 22.5R2.4 < 22.5R2.4 | 22.5R2.4 |
| ivanti | connect_secure | >= 22.6R1.2 < 22.6R1.2 | 22.6R1.2 |
| ivanti | connect_secure | >= 22.6R2.3 < 22.6R2.3 | 22.6R2.3 |
| ivanti | connect_secure | >= 9.1R14.6 < 9.1R14.6 | 9.1R14.6 |
| ivanti | connect_secure | >= 9.1R15.4 < 9.1R15.4 | 9.1R15.4 |
| ivanti | connect_secure | >= 9.1R16.4 < 9.1R16.4 | 9.1R16.4 |
| ivanti | connect_secure | >= 9.1R17.4 < 9.1R17.4 | 9.1R17.4 |
| ivanti | connect_secure | >= 9.1R18.5 < 9.1R18.5 | 9.1R18.5 |
| ivanti | policy_secure | >= 22.2R3 < 22.2R3 | 22.2R3 |
| ivanti | policy_secure | >= 22.5R1.3 < 22.5R1.3 | 22.5R1.3 |
| ivanti | policy_secure | >= 9.1R17.4 < 9.1R17.4 | 9.1R17.4 |
| ivanti | policy_secure | >= 9.1R18.5 < 9.1R18.5 | 9.1R18.5 |
Ivanti
Ivanti Security Advisory: CVE-2024-29205
vendor_ivanti·2024-04-25·CVSS 7.5
An Improper Check for Unusual or Exceptional Conditions vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a remote unauthenticated attacker to send specially crafted requests in order to cause service disruptions.
CVE IDs: CVE-2024-29205
CVSS Base Score: 7.5
Severity: HIGH
CWEs: CWE-703
GHSA
GHSA-cv75-h25f-pjqj: An Improper Check for Unusual or Exceptional Conditions vulnerability in the web component of Ivanti Connect Secure (9
ghsa_unreviewed·2024-04-25
CVE-2024-29205 [HIGH] CWE-703
An Improper Check for Unusual or Exceptional Conditions vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a remote unauthenticated attacker to send specially crafted requests in order to cause service disruptions.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://forums.ivanti.com/s/article/SA-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
2024-04-25
Published