7.5
CVE-2024-22052
- EPSS 2.8%
- Published 04.04.2024 20:15:08
- Last modified 21.11.2024 08:55:28
- Source support@hackerone.com
- Teams watchlist Login
- Open Login
A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack
Data is provided by the National Vulnerability Database (NVD)
Ivanti ≫ Connect Secure Version9.1 Updater1
Ivanti ≫ Connect Secure Version9.1 Updater10
Ivanti ≫ Connect Secure Version9.1 Updater11
Ivanti ≫ Connect Secure Version9.1 Updater11.5
Ivanti ≫ Connect Secure Version9.1 Updater12
Ivanti ≫ Connect Secure Version9.1 Updater13
Ivanti ≫ Connect Secure Version9.1 Updater14 SwEditionlts
Ivanti ≫ Connect Secure Version9.1 Updater15
Ivanti ≫ Connect Secure Version9.1 Updater16
Ivanti ≫ Connect Secure Version9.1 Updater17
Ivanti ≫ Connect Secure Version9.1 Updater18
Ivanti ≫ Connect Secure Version9.1 Updater2
Ivanti ≫ Connect Secure Version9.1 Updater3
Ivanti ≫ Connect Secure Version9.1 Updater4
Ivanti ≫ Connect Secure Version9.1 Updater4.1
Ivanti ≫ Connect Secure Version9.1 Updater4.2
Ivanti ≫ Connect Secure Version9.1 Updater4.3
Ivanti ≫ Connect Secure Version9.1 Updater5
Ivanti ≫ Connect Secure Version9.1 Updater6
Ivanti ≫ Connect Secure Version9.1 Updater7
Ivanti ≫ Connect Secure Version9.1 Updater8
Ivanti ≫ Connect Secure Version9.1 Updater9
Ivanti ≫ Connect Secure Version22.1
Ivanti ≫ Connect Secure Version22.2
Ivanti ≫ Connect Secure Version22.3
Ivanti ≫ Connect Secure Version22.4
Ivanti ≫ Connect Secure Version22.5
Ivanti ≫ Connect Secure Version22.6
Ivanti ≫ Policy Secure Version9.0 Update-
Ivanti ≫ Policy Secure Version9.0 Updater1
Ivanti ≫ Policy Secure Version9.0 Updater2
Ivanti ≫ Policy Secure Version9.0 Updater2.1
Ivanti ≫ Policy Secure Version9.0 Updater3
Ivanti ≫ Policy Secure Version9.0 Updater3.1
Ivanti ≫ Policy Secure Version9.0 Updater4
Ivanti ≫ Policy Secure Version9.1 Update-
Ivanti ≫ Policy Secure Version9.1 Updater1
Ivanti ≫ Policy Secure Version9.1 Updater10
Ivanti ≫ Policy Secure Version9.1 Updater11
Ivanti ≫ Policy Secure Version9.1 Updater12
Ivanti ≫ Policy Secure Version9.1 Updater13
Ivanti ≫ Policy Secure Version9.1 Updater14
Ivanti ≫ Policy Secure Version9.1 Updater15
Ivanti ≫ Policy Secure Version9.1 Updater16
Ivanti ≫ Policy Secure Version9.1 Updater17
Ivanti ≫ Policy Secure Version9.1 Updater18
Ivanti ≫ Policy Secure Version9.1 Updater2
Ivanti ≫ Policy Secure Version9.1 Updater3
Ivanti ≫ Policy Secure Version9.1 Updater4
Ivanti ≫ Policy Secure Version9.1 Updater5
Ivanti ≫ Policy Secure Version9.1 Updater6
Ivanti ≫ Policy Secure Version9.1 Updater7
Ivanti ≫ Policy Secure Version9.1 Updater8
Ivanti ≫ Policy Secure Version9.1 Updater9
Ivanti ≫ Policy Secure Version22.1
Ivanti ≫ Policy Secure Version22.2
Ivanti ≫ Policy Secure Version22.3
Ivanti ≫ Policy Secure Version22.4
Ivanti ≫ Policy Secure Version22.5
Ivanti ≫ Policy Secure Version22.6
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.8% | 0.856 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| support@hackerone.com | 7.5 | 3.9 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.
CWE-703 Improper Check or Handling of Exceptional Conditions
The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.