A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9
and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory “belongs” to the code that operates on the new pointer.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Connect_secure | Ivanti | * | 9.1 (excluding) |
| Connect_secure | Ivanti | 21.9 (including) | 22.7 (excluding) |
| Connect_secure | Ivanti | 9.1 (including) | 9.1 (including) |
| Connect_secure | Ivanti | 9.1-r1 (including) | 9.1-r1 (including) |
| Connect_secure | Ivanti | 9.1-r1.0 (including) | 9.1-r1.0 (including) |
| Connect_secure | Ivanti | 9.1-r10 (including) | 9.1-r10 (including) |
| Connect_secure | Ivanti | 9.1-r10.0 (including) | 9.1-r10.0 (including) |
| Connect_secure | Ivanti | 9.1-r10.2 (including) | 9.1-r10.2 (including) |
| Connect_secure | Ivanti | 9.1-r11 (including) | 9.1-r11 (including) |
| Connect_secure | Ivanti | 9.1-r11.0 (including) | 9.1-r11.0 (including) |
| Connect_secure | Ivanti | 9.1-r11.1 (including) | 9.1-r11.1 (including) |
| Connect_secure | Ivanti | 9.1-r11.3 (including) | 9.1-r11.3 (including) |
| Connect_secure | Ivanti | 9.1-r11.4 (including) | 9.1-r11.4 (including) |
| Connect_secure | Ivanti | 9.1-r11.5 (including) | 9.1-r11.5 (including) |
| Connect_secure | Ivanti | 9.1-r12 (including) | 9.1-r12 (including) |
| Connect_secure | Ivanti | 9.1-r12.1 (including) | 9.1-r12.1 (including) |
| Connect_secure | Ivanti | 9.1-r12.2 (including) | 9.1-r12.2 (including) |
| Connect_secure | Ivanti | 9.1-r13 (including) | 9.1-r13 (including) |
| Connect_secure | Ivanti | 9.1-r13.1 (including) | 9.1-r13.1 (including) |
| Connect_secure | Ivanti | 9.1-r14 (including) | 9.1-r14 (including) |
| Connect_secure | Ivanti | 9.1-r14.4 (including) | 9.1-r14.4 (including) |
| Connect_secure | Ivanti | 9.1-r15 (including) | 9.1-r15 (including) |
| Connect_secure | Ivanti | 9.1-r15.2 (including) | 9.1-r15.2 (including) |
| Connect_secure | Ivanti | 9.1-r16 (including) | 9.1-r16 (including) |
| Connect_secure | Ivanti | 9.1-r16.1 (including) | 9.1-r16.1 (including) |
| Connect_secure | Ivanti | 9.1-r17 (including) | 9.1-r17 (including) |
| Connect_secure | Ivanti | 9.1-r17.1 (including) | 9.1-r17.1 (including) |
| Connect_secure | Ivanti | 9.1-r17.2 (including) | 9.1-r17.2 (including) |
| Connect_secure | Ivanti | 9.1-r18 (including) | 9.1-r18 (including) |
| Connect_secure | Ivanti | 9.1-r18.1 (including) | 9.1-r18.1 (including) |
| Connect_secure | Ivanti | 9.1-r18.2 (including) | 9.1-r18.2 (including) |
| Connect_secure | Ivanti | 9.1-r18.3 (including) | 9.1-r18.3 (including) |
| Connect_secure | Ivanti | 9.1-r18.7 (including) | 9.1-r18.7 (including) |
| Connect_secure | Ivanti | 9.1-r18.8 (including) | 9.1-r18.8 (including) |
| Connect_secure | Ivanti | 9.1-r2 (including) | 9.1-r2 (including) |
| Connect_secure | Ivanti | 9.1-r2.0 (including) | 9.1-r2.0 (including) |
| Connect_secure | Ivanti | 9.1-r3 (including) | 9.1-r3 (including) |
| Connect_secure | Ivanti | 9.1-r3.0 (including) | 9.1-r3.0 (including) |
| Connect_secure | Ivanti | 9.1-r4 (including) | 9.1-r4 (including) |
| Connect_secure | Ivanti | 9.1-r4.0 (including) | 9.1-r4.0 (including) |
| Connect_secure | Ivanti | 9.1-r4.1 (including) | 9.1-r4.1 (including) |
| Connect_secure | Ivanti | 9.1-r4.2 (including) | 9.1-r4.2 (including) |
| Connect_secure | Ivanti | 9.1-r4.3 (including) | 9.1-r4.3 (including) |
| Connect_secure | Ivanti | 9.1-r5 (including) | 9.1-r5 (including) |
| Connect_secure | Ivanti | 9.1-r5.0 (including) | 9.1-r5.0 (including) |
| Connect_secure | Ivanti | 9.1-r6 (including) | 9.1-r6 (including) |
| Connect_secure | Ivanti | 9.1-r6.0 (including) | 9.1-r6.0 (including) |
| Connect_secure | Ivanti | 9.1-r7 (including) | 9.1-r7 (including) |
| Connect_secure | Ivanti | 9.1-r7.0 (including) | 9.1-r7.0 (including) |
| Connect_secure | Ivanti | 9.1-r8 (including) | 9.1-r8 (including) |
| Connect_secure | Ivanti | 9.1-r8.0 (including) | 9.1-r8.0 (including) |
| Connect_secure | Ivanti | 9.1-r8.1 (including) | 9.1-r8.1 (including) |
| Connect_secure | Ivanti | 9.1-r8.2 (including) | 9.1-r8.2 (including) |
| Connect_secure | Ivanti | 9.1-r8.4 (including) | 9.1-r8.4 (including) |
| Connect_secure | Ivanti | 9.1-r9 (including) | 9.1-r9 (including) |
| Connect_secure | Ivanti | 9.1-r9.0 (including) | 9.1-r9.0 (including) |
| Connect_secure | Ivanti | 9.1-r9.1 (including) | 9.1-r9.1 (including) |
| Connect_secure | Ivanti | 9.1-r9.2 (including) | 9.1-r9.2 (including) |
| Connect_secure | Ivanti | 22.7 (including) | 22.7 (including) |
| Connect_secure | Ivanti | 22.7-r1 (including) | 22.7-r1 (including) |
| Connect_secure | Ivanti | 22.7-r1.1 (including) | 22.7-r1.1 (including) |
| Connect_secure | Ivanti | 22.7-r1.2 (including) | 22.7-r1.2 (including) |
| Connect_secure | Ivanti | 22.7-r1.3 (including) | 22.7-r1.3 (including) |
| Connect_secure | Ivanti | 22.7-r1.4 (including) | 22.7-r1.4 (including) |
| Connect_secure | Ivanti | 22.7-r1.5 (including) | 22.7-r1.5 (including) |
| Connect_secure | Ivanti | 22.7-r2 (including) | 22.7-r2 (including) |
| Connect_secure | Ivanti | 22.7-r2.1 (including) | 22.7-r2.1 (including) |
| Connect_secure | Ivanti | 22.7-r2.2 (including) | 22.7-r2.2 (including) |
| Policy_secure | Ivanti | * | 22.7 (excluding) |
| Policy_secure | Ivanti | 22.7 (including) | 22.7 (including) |
| Policy_secure | Ivanti | 22.7-r1 (including) | 22.7-r1 (including) |
| Policy_secure | Ivanti | 22.7-r1.1 (including) | 22.7-r1.1 (including) |