Ivanti patches four flaws allowing DoS and possibly RCE attacks
Take action: If you are using Ivanti Connect Secure or Policy Secure Gateways, plan another patching effort. It's not a panic-mode patch, since the first attack scenario is denial of service, which is unpleasant but less harmful. But don't ignore the patch, because the attack can escalate to persistent DoS or even remote code execution.
Ivanti has recently addressed a set of four vulnerabilities affecting its Connect Secure and Policy Secure Gateways. These vulnerabilities could potentially lead to unauthorized code execution and denial-of-service (DoS) attacks. The identified vulnerabilities and their respective severities are as follows:
- CVE-2024-21894 (CVSS score 8.2) is a heap overflow vulnerability in the IPSec component of Ivanti Connect Secure (versions 9.x, 22.x) and Ivanti Policy Secure that allows unauthenticated attackers to send specially crafted requests that could crash the service, leading to a DoS attack, or, under certain conditions, execute arbitrary code.
- CVE-2024-22052 (CVSS score 7.5) is a null pointer dereference vulnerability in the IPSec component of Ivanti Connect Secure (versions 9.x, 22.x) and Ivanti Policy Secure, where unauthenticated attackers could send specially crafted requests to crash the service, thereby causing a DoS attack.
- CVE-2024-22053 (CVSS score 8.2) is a heap overflow vulnerability in the IPSec component of Ivanti Connect Secure (versions 9.x, 22.x) and Ivanti Policy Secure, which allows unauthenticated attackers to send specially crafted requests. This could either crash the service, leading to a DoS attack, or allow attackers to read contents from memory under certain conditions.
- CVE-2024-22023 (CVSS score 5.3) is an XML entity expansion or XEE vulnerability in the SAML component of Ivanti Connect Secure (versions 9.x, 22.x) and Ivanti Policy Secure. This vulnerability allows unauthenticated attackers to send specially crafted XML requests to temporarily exhaust resources, resulting in a limited-time DoS.
Ivanti has stated that it is not aware of any customers being exploited by these issues at the time of disclosure.
Ivanti has released patches for all supported versions of Ivanti Connect Secure and Ivanti Policy Secure to address these vulnerabilities. Customers are urged to download and apply these patches immediately from the standard download portal to ensure full protection. The patched versions are:
- Ivanti Connect Secure: 22.1R6.2, 22.2R4.2, 22.3R1.2, 22.4R1.2, 22.4R2.4, 22.5R1.3, 22.5R2.4, 22.6R2.3, 9.1R14.6, 9.1R15.4, 9.1R16.4, 9.1R17.4 and 9.1R18.5.
- Ivanti Policy Secure: 22.4R1.2, 22.5R1.3, 22.6R1.2, 9.1R16.4, 9.1R17.4 and 9.1R18.5.
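For planning the rollout, the following added example (not Ivanti's code or tooling) triages a gateway inventory against the versions listed above. It assumes that a version string `X.YRz.p` belongs to release train `X.YRz`, and that within one train a patch level `p` at or above the listed one contains the fix; the hostnames and installed versions are constructed.

```python
import re

# Patched builds exactly as listed in the article above.
FIXED = {
    "Connect Secure": ["22.1R6.2", "22.2R4.2", "22.3R1.2", "22.4R1.2", "22.4R2.4",
                       "22.5R1.3", "22.5R2.4", "22.6R2.3", "9.1R14.6", "9.1R15.4",
                       "9.1R16.4", "9.1R17.4", "9.1R18.5"],
    "Policy Secure": ["22.4R1.2", "22.5R1.3", "22.6R1.2", "9.1R16.4", "9.1R17.4",
                      "9.1R18.5"],
}

VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$")


def parse(version):
    """Split '22.5R2.4' into train (22, 5, 2) and patch level 4 (0 if absent)."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, release, patch = m.groups()
    return (int(major), int(minor), int(release)), int(patch or 0)


def status(product, installed):
    """Return 'patched', 'needs-patch' or 'no-fix-listed' for one gateway."""
    train, patch = parse(installed)
    fixed = dict(parse(v) for v in FIXED[product])  # train -> patched level
    if train not in fixed:
        # Assumption: a train missing from the list needs a manual look at the advisory.
        return "no-fix-listed"
    return "patched" if patch >= fixed[train] else "needs-patch"


def triage(inventory):
    """Map each host in (host, product, version) rows to its patch status."""
    return {host: status(product, ver) for host, product, ver in inventory}


# Constructed sample inventory; not real hosts.
SAMPLE = [
    ("vpn-edge-01", "Connect Secure", "22.5R2.4"),
    ("vpn-edge-02", "Connect Secure", "22.5R2.3"),
    ("vpn-dr-01", "Connect Secure", "9.1R18"),
    ("nac-01", "Policy Secure", "22.6R1.2"),
    ("nac-02", "Policy Secure", "22.6R2.3"),
]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE).items():
        print(f"{host:12} {verdict}")
```

A `no-fix-listed` result means the installed release train does not appear in the list for that product, so the gateway needs a manual check against the vendor advisory rather than an automatic verdict.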