A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack. In certain conditions this may lead to execution of arbitrary code
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
ivanti connect secure 9.1 |
||
ivanti policy secure 9.1 |
||
ivanti policy secure 9.0 |
||
ivanti connect secure 22.1 |
||
ivanti connect secure 22.2 |
||
ivanti connect secure 22.3 |
||
ivanti connect secure 22.4 |
||
ivanti connect secure 22.5 |
||
ivanti connect secure 22.6 |
||
ivanti policy secure 22.1 |
||
ivanti policy secure 22.2 |
||
ivanti policy secure 22.3 |
||
ivanti policy secure 22.4 |
||
ivanti policy secure 22.5 |
||
ivanti policy secure 22.6 |
New Ivanti RCE flaw may impact 16,000 exposed VPN gateways By Bill Toulas April 5, 2024 01:40 PM 0 Approximately 16,500 Ivanti Connect Secure and Poly Secure gateways exposed on the internet are likely vulnerable to a remote code execution (RCE) flaw the vendor addressed earlier this week. The flaw is tracked as CVE-2024-21894 and is a high-severity heap overflow in the IPSec component of Ivanti Connect Secure 9.x and 22.x, potentially allowing unauthenticated users to cause denial of ...
Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks By Sergiu Gatlan April 3, 2024 01:29 PM 0 IT security software company Ivanti has released patches to fix multiple security vulnerabilities impacting its Connect Secure and Policy Secure gateways. Unauthenticated attackers can exploit one of them, a high-severity flaw tracked as CVE-2024-21894, to gain remote code execution and trigger denial of service states on unpatched appliances in low-complexity attacks that don't require use...
Vulmon