HIGH🇵🇱 Wersja polska

CVE-2024-22053

CVSS 8.2v3.1pub. 2024-04-04upd. 2024-11-21

A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack or in certain conditions read contents from memory.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
  • Ivanti Connect Secure

    APP
    Ivanti
    22.122.222.322.422.522.69.1
  • Ivanti Policy Secure

    APP
    Ivanti
    22.122.222.322.422.522.69.09.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2025-22457CRITICAL9.0⚠ KEVPL ✓ten sam produkt

Stack-based buffer overflow w Ivanti Connect Secure, Policy Secure i ZTA Gateways umożliwiający RCE

CVE-2025-0282CRITICAL9.0⚠ KEVPL ✓ten sam produkt

Stack-based buffer overflow RCE w Ivanti Connect Secure, Policy Secure i Neurons for ZTA

CVE-2024-21887CRITICAL9.1⚠ KEVPL ✓ten sam produkt

Command injection w Ivanti Connect Secure i Policy Secure — RCE jako administrator

CVE-2021-22893CRITICAL10.0⚠ KEVten sam produkt

Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by...

CVE-2019-11510CRITICAL10.0⚠ KEVten sam produkt

In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an...