An out of bounds read in Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to trigger an infinite loop, causing a denial of service.

Metrics

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

Vendors Products
Ivanti
  • Connect Secure

No data.

No data.

References
Link Providers
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs cve-icon cve-icon
History

Wed, 13 Nov 2024 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Ivanti
Ivanti connect Secure
Weaknesses CWE-125
CPEs cpe:2.3:a:ivanti:connect_secure:-:*:*:*:*:*:*:*
Vendors & Products Ivanti
Ivanti connect Secure
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 13 Nov 2024 02:15:00 +0000

Type Values Removed Values Added
Description An out of bounds read in Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to trigger an infinite loop, causing a denial of service.
References
Metrics cvssV3_0

{'score': 7.5, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2024-11-13T16:57:19.557Z

Reserved: 2024-06-08T01:04:07.093Z

Link: CVE-2024-37400

cve-icon Vulnrichment

Updated: 2024-11-13T16:57:11.624Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-11-13T02:15:18.163

Modified: 2024-11-13T17:35:04.687

Link: CVE-2024-37400

cve-icon Redhat

No data.