A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack. In certain conditions this may lead to execution of arbitrary code
An attacker sends specially crafted requests to the IPSec component, causing a heap buffer overflow. Improper memory management (CWE-787 — out-of-bounds write, CWE-703 — improper exception handling) leads to service failure. Under specific environmental conditions, it is possible to overwrite critical memory structures in a way that enables code execution control.
An attacker can cause service unavailability (DoS) through a crash of the IPSec component, and under favorable conditions — remote execution of arbitrary code (RCE) with process privileges, which may result in complete takeover of the device.
Patches available from the vendor should be applied in accordance with the references — detailed information about patched versions is contained in the Ivanti security bulletin: SA-CVE-2024-21894.
Ivanti Connect Secure versions 9.x and 22.x, as well as Ivanti Policy Secure (versions indicated in vendor references).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HIvanti Connect Secure
APPIvanti22.122.222.322.422.522.69.1Ivanti Policy Secure
APPIvanti22.122.222.322.422.522.69.09.1
Related vulnerabilities
Stack-based buffer overflow w Ivanti Connect Secure, Policy Secure i ZTA Gateways umożliwiający RCE
Stack-based buffer overflow RCE w Ivanti Connect Secure, Policy Secure i Neurons for ZTA
Command injection w Ivanti Connect Secure i Policy Secure — RCE jako administrator
Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by...
In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an...