CVE-2024-22053
Published: 04 April 2024
Summary
CVE-2024-22053 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Ivanti Policy Secure. Its CVSS base score is 8.2 (High).
Operationally, ranked in the top 8.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
A heap overflow vulnerability exists in the IPSec component of Ivanti Connect Secure versions 9.x and 22.x as well as Ivanti Policy Secure. The flaw, tracked as CVE-2024-22053 and assigned CWE-787 and CWE-703, carries a CVSS 3.1 score of 8.2 reflecting network attack vector, low complexity, and no required authentication or user interaction.
An unauthenticated attacker can send specially crafted requests that trigger the overflow, resulting in a service crash and denial of service; under certain conditions the same requests may also permit reading arbitrary memory contents.
Ivanti has published advisories on its support forums that address this issue together with related heap-overflow, null-pointer, and XML-entity vulnerabilities affecting the same Connect Secure and Policy Secure gateways. The EPSS score remains flat at 0.0742 with no material increase after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-19651
Vulnerability details
A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack or in certain conditions…
more
read contents from memory.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Implements explicit check and handling for the exceptional condition of audit logging process failure.
Establishing and monitoring system metrics with correlation and response actions helps identify and address improper handling of exceptional conditions.
Provides a defined response to detected conditions by restricting operation, ensuring exceptional conditions are handled rather than ignored or mishandled.
Contingency training equips users with defined procedures to check and respond to exceptional conditions during disruptions, reducing exploitation of mishandled errors.
Testing verifies the system's ability to detect, handle, and recover from exceptional conditions as part of the plan, reducing exploitability of improper exception handling.
Regular updates keep contingency procedures aligned with system changes, providing structured handling for exceptional conditions that would otherwise allow unmitigated exploitation.
Policy defines checks and handling for exceptional conditions arising from security incidents.
Performing IR tests ensures exceptional conditions are properly checked and handled to enable effective response.