CVE-2024-29205

EUVD-2024-26222
An Improper Check for Unusual or Exceptional Conditions vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a remote unauthenticated attacker to send specially crafted requests in-order-to cause service disruptions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
hackeroneCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
ivanticonnect_secure
𝑥
≤ 9.1R18.5
CNA
ivanticonnect_secure
𝑥
≤ 22.6R2.3
CNA
ivanticonnect_secure
𝑥
≤ 9.1R17.4
CNA
ivanticonnect_secure
𝑥
≤ 22.2R3
CNA
ivanticonnect_secure
𝑥
≤ 22.5R2.4
CNA
ivanticonnect_secure
𝑥
≤ 9.1R14.6
CNA
ivanticonnect_secure
𝑥
≤ 9.1R16.4
CNA
ivanticonnect_secure
𝑥
≤ 9.1R15.4
CNA
ivanticonnect_secure
𝑥
≤ 22.2R4.2
CNA
ivanticonnect_secure
𝑥
≤ 22.4R1.2
CNA
ivanticonnect_secure
𝑥
≤ 22.6R1.2
CNA
ivanticonnect_secure
𝑥
≤ 22.1R6.2
CNA
ivanticonnect_secure
𝑥
≤ 22.3R1.2
CNA
ivanticonnect_secure
𝑥
≤ 22.4R2.4
CNA
ivanticonnect_secure
𝑥
≤ 22.5R1.3
CNA
Common Weakness Enumeration
References
https://forums.ivanti.com/s/article/SA-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
https://forums.ivanti.com/s/article/SA-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US