CVE-2024-29205

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

An Improper Check for Unusual or Exceptional Conditions vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a remote unauthenticated attacker to send specially crafted requests in-order-to cause service disruptions.

Una vulnerabilidad de verificación inadecuada de condiciones inusuales o excepcionales en el componente web de Ivanti Connect Secure (9.x, 22.x) e Ivanti Policy Secure (9.x, 22.x) permite a un atacante remoto no autenticado enviar solicitudes especialmente manipuladas en -orden-para causar interrupciones en el servicio.

*Credits: N/A

CVSS Scores

HackerOnev3 7.5

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-03-19 CVE Reserved
2024-04-24 CVE Published
2024-04-25 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-703: Improper Check or Handling of Exceptional Conditions

CAPEC

References (1)

URL	Tag	Source
https://forums.ivanti.com/s/article/SA-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				9.1R18.5 Search vendor "Ivanti" for product "Connect Secure" and version "9.1R18.5"		en		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				22.6R2.3 Search vendor "Ivanti" for product "Connect Secure" and version "22.6R2.3"		en		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				9.1R17.4 Search vendor "Ivanti" for product "Connect Secure" and version "9.1R17.4"		en		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				22.2R3 Search vendor "Ivanti" for product "Connect Secure" and version "22.2R3"		en		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				22.5R2.4 Search vendor "Ivanti" for product "Connect Secure" and version "22.5R2.4"		en		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				9.1R14.6 Search vendor "Ivanti" for product "Connect Secure" and version "9.1R14.6"		en		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				9.1R16.4 Search vendor "Ivanti" for product "Connect Secure" and version "9.1R16.4"		en		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				9.1R15.4 Search vendor "Ivanti" for product "Connect Secure" and version "9.1R15.4"		en		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				22.2R4.2 Search vendor "Ivanti" for product "Connect Secure" and version "22.2R4.2"		en		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				22.4R1.2 Search vendor "Ivanti" for product "Connect Secure" and version "22.4R1.2"		en		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				22.6R1.2 Search vendor "Ivanti" for product "Connect Secure" and version "22.6R1.2"		en		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				22.1R6.2 Search vendor "Ivanti" for product "Connect Secure" and version "22.1R6.2"		en		Affected
Ivanti Search vendor "Ivanti"		Connect Secure Search vendor "Ivanti" for product "Connect Secure"				22.3R1.2 Search vendor "Ivanti" for product "Connect Secure" and version "22.3R1.2"		en		Affected
Ivanti Search vendor "Ivanti "		Connect Secure Search vendor "Ivanti " for product "Connect Secure"				22.4R2.4 Search vendor "Ivanti " for product "Connect Secure" and version "22.4R2.4"		en		Affected
Ivanti Search vendor "Ivanti "		Connect Secure Search vendor "Ivanti " for product "Connect Secure"				22.5R1.3 Search vendor "Ivanti " for product "Connect Secure" and version "22.5R1.3"		en		Affected
Ivanti Search vendor "Ivanti"		Policy Secure Search vendor "Ivanti" for product "Policy Secure"				22.5R1.3 Search vendor "Ivanti" for product "Policy Secure" and version "22.5R1.3"		en		Affected
Ivanti Search vendor "Ivanti"		Policy Secure Search vendor "Ivanti" for product "Policy Secure"				9.1R18.5 Search vendor "Ivanti" for product "Policy Secure" and version "9.1R18.5"		en		Affected
Ivanti Search vendor "Ivanti"		Policy Secure Search vendor "Ivanti" for product "Policy Secure"				9.1R17.4 Search vendor "Ivanti" for product "Policy Secure" and version "9.1R17.4"		en		Affected
Ivanti Search vendor "Ivanti"		Policy Secure Search vendor "Ivanti" for product "Policy Secure"				22.2R3 Search vendor "Ivanti" for product "Policy Secure" and version "22.2R3"		en		Affected