Skip to main content

Connect Secure CVE-2024-22053

HIGH
Out-of-bounds Write (CWE-787)
2024-04-04 support@hackerone.com
8.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.2 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Apr 04, 2024 - 20:15 nvd
HIGH 8.2

DescriptionNVD

A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack or in certain conditions read contents from memory.

AnalysisAI

A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack or in certain conditions read contents from memory. Affected products include: Ivanti Connect Secure, Ivanti Policy Secure.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

CVE-2025-0282 CRITICAL POC
9.0 Jan 08

Ivanti Connect Secure, Policy Secure, and Neurons for ZTA contain a stack-based buffer overflow allowing unauthenticated

CVE-2025-22457 CRITICAL POC
9.0 Apr 03

Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow enabling unauthenticated re

CVE-2025-22467 CRITICAL
9.9 Feb 11

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to

CVE-2024-37404 HIGH POC
8.8 Oct 18

Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Se

CVE-2020-8260 HIGH POC
7.2 Oct 28

A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform

CVE-2019-11539 HIGH POC
7.2 Apr 26

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1R

CVE-2024-21894 CRITICAL POC
9.8 Apr 04

A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an

CVE-2019-11540 CRITICAL POC
9.8 Apr 26

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure versi

CVE-2024-21888 HIGH POC
8.8 Jan 31

A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x

CVE-2024-22024 HIGH POC
8.3 Feb 13

An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Se

CVE-2019-11538 HIGH POC
7.7 Apr 26

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1R

CVE-2020-8218 HIGH POC
7.2 Jul 30

A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform

Share

CVE-2024-22053 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy