CVE Vulnerabilities

CVE-2024-22052

NULL Pointer Dereference

Published: Apr 04, 2024 | Modified: Apr 08, 2024
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name Vendor Start Version End Version
Connect_secure Ivanti 9.1-r1 (including) 9.1-r1 (including)
Connect_secure Ivanti 9.1-r10 (including) 9.1-r10 (including)
Connect_secure Ivanti 9.1-r11 (including) 9.1-r11 (including)
Connect_secure Ivanti 9.1-r11.5 (including) 9.1-r11.5 (including)
Connect_secure Ivanti 9.1-r12 (including) 9.1-r12 (including)
Connect_secure Ivanti 9.1-r13 (including) 9.1-r13 (including)
Connect_secure Ivanti 9.1-r14 (including) 9.1-r14 (including)
Connect_secure Ivanti 9.1-r15 (including) 9.1-r15 (including)
Connect_secure Ivanti 9.1-r16 (including) 9.1-r16 (including)
Connect_secure Ivanti 9.1-r17 (including) 9.1-r17 (including)
Connect_secure Ivanti 9.1-r18 (including) 9.1-r18 (including)
Connect_secure Ivanti 9.1-r2 (including) 9.1-r2 (including)
Connect_secure Ivanti 9.1-r3 (including) 9.1-r3 (including)
Connect_secure Ivanti 9.1-r4 (including) 9.1-r4 (including)
Connect_secure Ivanti 9.1-r4.1 (including) 9.1-r4.1 (including)
Connect_secure Ivanti 9.1-r4.2 (including) 9.1-r4.2 (including)
Connect_secure Ivanti 9.1-r4.3 (including) 9.1-r4.3 (including)
Connect_secure Ivanti 9.1-r5 (including) 9.1-r5 (including)
Connect_secure Ivanti 9.1-r6 (including) 9.1-r6 (including)
Connect_secure Ivanti 9.1-r7 (including) 9.1-r7 (including)
Connect_secure Ivanti 9.1-r8 (including) 9.1-r8 (including)
Connect_secure Ivanti 9.1-r9 (including) 9.1-r9 (including)
Connect_secure Ivanti 22.1 (including) 22.1 (including)
Connect_secure Ivanti 22.2 (including) 22.2 (including)
Connect_secure Ivanti 22.3 (including) 22.3 (including)
Connect_secure Ivanti 22.4 (including) 22.4 (including)
Connect_secure Ivanti 22.5 (including) 22.5 (including)
Connect_secure Ivanti 22.6 (including) 22.6 (including)
Policy_secure Ivanti 9.0 (including) 9.0 (including)
Policy_secure Ivanti 9.0-r1 (including) 9.0-r1 (including)
Policy_secure Ivanti 9.0-r2 (including) 9.0-r2 (including)
Policy_secure Ivanti 9.0-r2.1 (including) 9.0-r2.1 (including)
Policy_secure Ivanti 9.0-r3 (including) 9.0-r3 (including)
Policy_secure Ivanti 9.0-r3.1 (including) 9.0-r3.1 (including)
Policy_secure Ivanti 9.0-r4 (including) 9.0-r4 (including)
Policy_secure Ivanti 9.1 (including) 9.1 (including)
Policy_secure Ivanti 9.1-r1 (including) 9.1-r1 (including)
Policy_secure Ivanti 9.1-r10 (including) 9.1-r10 (including)
Policy_secure Ivanti 9.1-r11 (including) 9.1-r11 (including)
Policy_secure Ivanti 9.1-r12 (including) 9.1-r12 (including)
Policy_secure Ivanti 9.1-r13 (including) 9.1-r13 (including)
Policy_secure Ivanti 9.1-r14 (including) 9.1-r14 (including)
Policy_secure Ivanti 9.1-r15 (including) 9.1-r15 (including)
Policy_secure Ivanti 9.1-r16 (including) 9.1-r16 (including)
Policy_secure Ivanti 9.1-r17 (including) 9.1-r17 (including)
Policy_secure Ivanti 9.1-r18 (including) 9.1-r18 (including)
Policy_secure Ivanti 9.1-r2 (including) 9.1-r2 (including)
Policy_secure Ivanti 9.1-r3 (including) 9.1-r3 (including)
Policy_secure Ivanti 9.1-r4 (including) 9.1-r4 (including)
Policy_secure Ivanti 9.1-r5 (including) 9.1-r5 (including)
Policy_secure Ivanti 9.1-r6 (including) 9.1-r6 (including)
Policy_secure Ivanti 9.1-r7 (including) 9.1-r7 (including)
Policy_secure Ivanti 9.1-r8 (including) 9.1-r8 (including)
Policy_secure Ivanti 9.1-r9 (including) 9.1-r9 (including)
Policy_secure Ivanti 22.1 (including) 22.1 (including)
Policy_secure Ivanti 22.2 (including) 22.2 (including)
Policy_secure Ivanti 22.3 (including) 22.3 (including)
Policy_secure Ivanti 22.4 (including) 22.4 (including)
Policy_secure Ivanti 22.5 (including) 22.5 (including)
Policy_secure Ivanti 22.6 (including) 22.6 (including)

Potential Mitigations

References