CVE-2024-8495

A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to cause a denial of service.

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name	Vendor	Start Version	End Version
Connect_secure	Ivanti	*	22.7 (excluding)
Connect_secure	Ivanti	22.7 (including)	22.7 (including)
Connect_secure	Ivanti	22.7-r1 (including)	22.7-r1 (including)
Connect_secure	Ivanti	22.7-r1.1 (including)	22.7-r1.1 (including)
Connect_secure	Ivanti	22.7-r1.2 (including)	22.7-r1.2 (including)
Connect_secure	Ivanti	22.7-r1.3 (including)	22.7-r1.3 (including)
Connect_secure	Ivanti	22.7-r1.4 (including)	22.7-r1.4 (including)
Connect_secure	Ivanti	22.7-r1.5 (including)	22.7-r1.5 (including)
Connect_secure	Ivanti	22.7-r2 (including)	22.7-r2 (including)
Policy_secure	Ivanti	*	22.7 (excluding)
Policy_secure	Ivanti	22.7 (including)	22.7 (including)
Policy_secure	Ivanti	22.7-r1 (including)	22.7-r1 (including)

Potential Mitigations

References

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs

NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-8495
CWE	https://cwe.mitre.org/data/definitions/476.html

NULL Pointer Dereference

Weakness

Affected Software

Potential Mitigations

References