An out-of-bounds write in IPsec of Ivanti Connect Secure before version 22.7R2.1 allows a remote unauthenticated attacker to cause a denial of service.

Metrics

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

Vendors Products
Ivanti
  • Connect Secure

No data.

No data.

References
Link Providers
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs cve-icon cve-icon
History

Wed, 13 Nov 2024 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Ivanti
Ivanti connect Secure
Weaknesses CWE-125
CPEs cpe:2.3:a:ivanti:connect_secure:-:*:*:*:*:*:*:*
Vendors & Products Ivanti
Ivanti connect Secure
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 13 Nov 2024 02:15:00 +0000

Type Values Removed Values Added
Description An out-of-bounds write in IPsec of Ivanti Connect Secure before version 22.7R2.1 allows a remote unauthenticated attacker to cause a denial of service.
References
Metrics cvssV3_0

{'score': 7.5, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2024-11-13T01:54:45.457Z

Updated: 2024-11-13T17:03:52.122Z

Reserved: 2024-06-19T01:04:07.137Z

Link: CVE-2024-38649

cve-icon Vulnrichment

Updated: 2024-11-13T17:03:31.544Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-11-13T02:15:18.337

Modified: 2024-11-13T17:35:05.697

Link: CVE-2024-38649

cve-icon Redhat

No data.