Cyber Resilience

CVE-2024-22053

High

Published: 04 April 2024

Published
04 April 2024
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
EPSS Score 0.0742 91.9th percentile
Risk Priority 21 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-22053 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Ivanti Policy Secure. Its CVSS base score is 8.2 (High).

Operationally, ranked in the top 8.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

A heap overflow vulnerability exists in the IPSec component of Ivanti Connect Secure versions 9.x and 22.x as well as Ivanti Policy Secure. The flaw, tracked as CVE-2024-22053 and assigned CWE-787 and CWE-703, carries a CVSS 3.1 score of 8.2 reflecting network attack vector, low complexity, and no required authentication or user interaction.

An unauthenticated attacker can send specially crafted requests that trigger the overflow, resulting in a service crash and denial of service; under certain conditions the same requests may also permit reading arbitrary memory contents.

Ivanti has published advisories on its support forums that address this issue together with related heap-overflow, null-pointer, and XML-entity vulnerabilities affecting the same Connect Secure and Policy Secure gateways. The EPSS score remains flat at 0.0742 with no material increase after disclosure.

EU & UK References

Vulnerability details

A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack or in certain conditions…

more

read contents from memory.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

ivanti
connect secure
22.1, 22.2, 22.3, 22.4, 22.5
ivanti
policy secure
22.1, 22.2, 22.3, 22.4, 22.5

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-703

Implements explicit check and handling for the exceptional condition of audit logging process failure.

addresses: CWE-703

Establishing and monitoring system metrics with correlation and response actions helps identify and address improper handling of exceptional conditions.

addresses: CWE-703

Provides a defined response to detected conditions by restricting operation, ensuring exceptional conditions are handled rather than ignored or mishandled.

addresses: CWE-703

Contingency training equips users with defined procedures to check and respond to exceptional conditions during disruptions, reducing exploitation of mishandled errors.

addresses: CWE-703

Testing verifies the system's ability to detect, handle, and recover from exceptional conditions as part of the plan, reducing exploitability of improper exception handling.

addresses: CWE-703

Regular updates keep contingency procedures aligned with system changes, providing structured handling for exceptional conditions that would otherwise allow unmitigated exploitation.

addresses: CWE-703

Policy defines checks and handling for exceptional conditions arising from security incidents.

addresses: CWE-703

Performing IR tests ensures exceptional conditions are properly checked and handled to enable effective response.

References