Published: 04/04/2024 Updated: 08/04/2024

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack

Vulnerable Product	Search on Vulmon	Subscribe to Product
ivanti connect secure 9.1
ivanti policy secure 9.1
ivanti policy secure 9.0
ivanti connect secure 22.1
ivanti connect secure 22.2
ivanti connect secure 22.3
ivanti connect secure 22.4
ivanti connect secure 22.5
ivanti connect secure 22.6
ivanti policy secure 22.1
ivanti policy secure 22.2
ivanti policy secure 22.3
ivanti policy secure 22.4
ivanti policy secure 22.5
ivanti policy secure 22.6

Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks

BleepingComputer • Sergiu Gatlan • 03 Apr 2024

Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks By Sergiu Gatlan April 3, 2024 01:29 PM 0 IT security software company Ivanti has released patches to fix multiple security vulnerabilities impacting its Connect Secure and Policy Secure gateways. Unauthenticated attackers can exploit one of them, a high-severity flaw tracked as CVE-2024-21894, to gain remote code execution and trigger denial of service states on unpatched appliances in low-complexity attacks that don't require use...

CVE-2024-22052

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect