CVE-2024-22052

Name of the Vulnerable Software and Affected Versions Ivanti Connect Secure versions 9.x through 22.x Ivanti Policy Secure (affected versions not specified)

Description A null pointer dereference vulnerability in the IPSec component allows an unauthenticated malicious user to send specially crafted requests to crash the service, causing a DoS attack. The vulnerability can also lead to a heap overflow, potentially allowing the attacker to read contents from memory under certain conditions.

Recommendations For Ivanti Connect Secure versions 9.x through 22.x: At the moment, there is no information about a newer version that contains a fix for this vulnerability. For Ivanti Policy Secure: At the moment, there is no information about a newer version that contains a fix for this vulnerability.