9.8
CVE-2024-21894
- EPSS 11.03%
- Veröffentlicht 04.04.2024 23:15:15
- Zuletzt bearbeitet 21.11.2024 08:55:12
- Quelle support@hackerone.com
- Teams Watchlist Login
- Unerledigt Login
A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack. In certain conditions this may lead to execution of arbitrary code
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ivanti ≫ Connect Secure Version9.1 Updater1
Ivanti ≫ Connect Secure Version9.1 Updater10
Ivanti ≫ Connect Secure Version9.1 Updater11
Ivanti ≫ Connect Secure Version9.1 Updater11.5
Ivanti ≫ Connect Secure Version9.1 Updater12
Ivanti ≫ Connect Secure Version9.1 Updater13
Ivanti ≫ Connect Secure Version9.1 Updater14 SwEditionlts
Ivanti ≫ Connect Secure Version9.1 Updater15
Ivanti ≫ Connect Secure Version9.1 Updater16
Ivanti ≫ Connect Secure Version9.1 Updater17
Ivanti ≫ Connect Secure Version9.1 Updater18
Ivanti ≫ Connect Secure Version9.1 Updater2
Ivanti ≫ Connect Secure Version9.1 Updater3
Ivanti ≫ Connect Secure Version9.1 Updater4
Ivanti ≫ Connect Secure Version9.1 Updater4.1
Ivanti ≫ Connect Secure Version9.1 Updater4.2
Ivanti ≫ Connect Secure Version9.1 Updater4.3
Ivanti ≫ Connect Secure Version9.1 Updater5
Ivanti ≫ Connect Secure Version9.1 Updater6
Ivanti ≫ Connect Secure Version9.1 Updater7
Ivanti ≫ Connect Secure Version9.1 Updater8
Ivanti ≫ Connect Secure Version9.1 Updater9
Ivanti ≫ Connect Secure Version22.1
Ivanti ≫ Connect Secure Version22.2
Ivanti ≫ Connect Secure Version22.3
Ivanti ≫ Connect Secure Version22.4
Ivanti ≫ Connect Secure Version22.5
Ivanti ≫ Connect Secure Version22.6
Ivanti ≫ Policy Secure Version9.0 Update-
Ivanti ≫ Policy Secure Version9.0 Updater1
Ivanti ≫ Policy Secure Version9.0 Updater2
Ivanti ≫ Policy Secure Version9.0 Updater2.1
Ivanti ≫ Policy Secure Version9.0 Updater3
Ivanti ≫ Policy Secure Version9.0 Updater3.1
Ivanti ≫ Policy Secure Version9.0 Updater4
Ivanti ≫ Policy Secure Version9.1 Update-
Ivanti ≫ Policy Secure Version9.1 Updater1
Ivanti ≫ Policy Secure Version9.1 Updater10
Ivanti ≫ Policy Secure Version9.1 Updater11
Ivanti ≫ Policy Secure Version9.1 Updater12
Ivanti ≫ Policy Secure Version9.1 Updater13
Ivanti ≫ Policy Secure Version9.1 Updater14
Ivanti ≫ Policy Secure Version9.1 Updater15
Ivanti ≫ Policy Secure Version9.1 Updater16
Ivanti ≫ Policy Secure Version9.1 Updater17
Ivanti ≫ Policy Secure Version9.1 Updater18
Ivanti ≫ Policy Secure Version9.1 Updater2
Ivanti ≫ Policy Secure Version9.1 Updater3
Ivanti ≫ Policy Secure Version9.1 Updater4
Ivanti ≫ Policy Secure Version9.1 Updater5
Ivanti ≫ Policy Secure Version9.1 Updater6
Ivanti ≫ Policy Secure Version9.1 Updater7
Ivanti ≫ Policy Secure Version9.1 Updater8
Ivanti ≫ Policy Secure Version9.1 Updater9
Ivanti ≫ Policy Secure Version22.1
Ivanti ≫ Policy Secure Version22.2
Ivanti ≫ Policy Secure Version22.3
Ivanti ≫ Policy Secure Version22.4
Ivanti ≫ Policy Secure Version22.5
Ivanti ≫ Policy Secure Version22.6
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
Typ | Quelle | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 11.03% | 0.931 |
Quelle | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
support@hackerone.com | 8.2 | 3.9 | 4.2 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
|
CWE-703 Improper Check or Handling of Exceptional Conditions
The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.