9.8

CVE-2024-21894

A heap overflow vulnerability in the IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in order to crash the service, thereby causing a DoS attack. In certain conditions this may lead to execution of arbitrary code.

Data is provided by the National Vulnerability Database (NVD)
Ivanti Connect Secure Version 9.1 Update r1
Ivanti Connect Secure Version 9.1 Update r10
Ivanti Connect Secure Version 9.1 Update r11
Ivanti Connect Secure Version 9.1 Update r11.5
Ivanti Connect Secure Version 9.1 Update r12
Ivanti Connect Secure Version 9.1 Update r13
Ivanti Connect Secure Version 9.1 Update r14 SwEdition lts
Ivanti Connect Secure Version 9.1 Update r15
Ivanti Connect Secure Version 9.1 Update r16
Ivanti Connect Secure Version 9.1 Update r17
Ivanti Connect Secure Version 9.1 Update r18
Ivanti Connect Secure Version 9.1 Update r2
Ivanti Connect Secure Version 9.1 Update r3
Ivanti Connect Secure Version 9.1 Update r4
Ivanti Connect Secure Version 9.1 Update r4.1
Ivanti Connect Secure Version 9.1 Update r4.2
Ivanti Connect Secure Version 9.1 Update r4.3
Ivanti Connect Secure Version 9.1 Update r5
Ivanti Connect Secure Version 9.1 Update r6
Ivanti Connect Secure Version 9.1 Update r7
Ivanti Connect Secure Version 9.1 Update r8
Ivanti Connect Secure Version 9.1 Update r9
Ivanti Connect Secure Version 22.1
Ivanti Connect Secure Version 22.2
Ivanti Connect Secure Version 22.3
Ivanti Connect Secure Version 22.4
Ivanti Connect Secure Version 22.5
Ivanti Connect Secure Version 22.6
Ivanti Policy Secure Version 9.0 Update -
Ivanti Policy Secure Version 9.0 Update r1
Ivanti Policy Secure Version 9.0 Update r2
Ivanti Policy Secure Version 9.0 Update r2.1
Ivanti Policy Secure Version 9.0 Update r3
Ivanti Policy Secure Version 9.0 Update r3.1
Ivanti Policy Secure Version 9.0 Update r4
Ivanti Policy Secure Version 9.1 Update -
Ivanti Policy Secure Version 9.1 Update r1
Ivanti Policy Secure Version 9.1 Update r10
Ivanti Policy Secure Version 9.1 Update r11
Ivanti Policy Secure Version 9.1 Update r12
Ivanti Policy Secure Version 9.1 Update r13
Ivanti Policy Secure Version 9.1 Update r14
Ivanti Policy Secure Version 9.1 Update r15
Ivanti Policy Secure Version 9.1 Update r16
Ivanti Policy Secure Version 9.1 Update r17
Ivanti Policy Secure Version 9.1 Update r18
Ivanti Policy Secure Version 9.1 Update r2
Ivanti Policy Secure Version 9.1 Update r3
Ivanti Policy Secure Version 9.1 Update r4
Ivanti Policy Secure Version 9.1 Update r5
Ivanti Policy Secure Version 9.1 Update r6
Ivanti Policy Secure Version 9.1 Update r7
Ivanti Policy Secure Version 9.1 Update r8
Ivanti Policy Secure Version 9.1 Update r9
Ivanti Policy Secure Version 22.1
Ivanti Policy Secure Version 22.2
Ivanti Policy Secure Version 22.3
Ivanti Policy Secure Version 22.4
Ivanti Policy Secure Version 22.5
Ivanti Policy Secure Version 22.6
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics

| Type | Source | Score | Percentile |
|------|--------|-------|------------|
| EPSS | FIRST.org | 11.03% | 0.931 |

CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector string |
|--------|------------|---------------|--------------|---------------|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| support@hackerone.com | 8.2 | 3.9 | 4.2 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H |

CWE-703 Improper Check or Handling of Exceptional Conditions

The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.