What is the severity of CVE-2024-22052?

CVE-2024-22052 is rated as a high-severity vulnerability that can lead to a denial of service (DoS) attack.

How do I fix CVE-2024-22052?

To fix CVE-2024-22052, apply the latest security patch provided by Ivanti for affected versions of Ivanti Connect Secure and Ivanti Policy Secure.

What versions are affected by CVE-2024-22052?

CVE-2024-22052 affects Ivanti Connect Secure versions 9.x and 22.x, as well as Ivanti Policy Secure versions 9.x and 22.x.

How does CVE-2024-22052 exploit occur?

CVE-2024-22052 exploits a null pointer dereference in the IPSec component, allowing unauthenticated users to crash the service.

What impact does CVE-2024-22052 have on systems?

CVE-2024-22052 can cause systems to become temporarily unavailable, leading to potential disruptions in service.

Vulnerability/
CVE-2024-22052

high

7.5

CWE

476 703

4/4/2024

3/10/2024

CVE-2024-22052: Null Pointer Dereference

First published: Thu Apr 04 2024(Updated: )

A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack

Credit: support@hackerone.com

Affected Software	Affected Version	How to fix
Ivanti Connect Secure (ICS) VPN	=9.1-r1
Ivanti Connect Secure (ICS) VPN	=9.1-r10
Ivanti Connect Secure (ICS) VPN	=9.1-r11
Ivanti Connect Secure (ICS) VPN	=9.1-r11.5
Ivanti Connect Secure (ICS) VPN	=9.1-r12
Ivanti Connect Secure (ICS) VPN	=9.1-r13
Ivanti Connect Secure (ICS) VPN	=9.1-r14
Ivanti Connect Secure (ICS) VPN	=9.1-r15
Ivanti Connect Secure (ICS) VPN	=9.1-r16
Ivanti Connect Secure (ICS) VPN	=9.1-r17
Ivanti Connect Secure (ICS) VPN	=9.1-r18
Ivanti Connect Secure (ICS) VPN	=9.1-r2
Ivanti Connect Secure (ICS) VPN	=9.1-r3
Ivanti Connect Secure (ICS) VPN	=9.1-r4
Ivanti Connect Secure (ICS) VPN	=9.1-r4.1
Ivanti Connect Secure (ICS) VPN	=9.1-r4.2
Ivanti Connect Secure (ICS) VPN	=9.1-r4.3
Ivanti Connect Secure (ICS) VPN	=9.1-r5
Ivanti Connect Secure (ICS) VPN	=9.1-r6
Ivanti Connect Secure (ICS) VPN	=9.1-r7
Ivanti Connect Secure (ICS) VPN	=9.1-r8
Ivanti Connect Secure (ICS) VPN	=9.1-r9
Ivanti Connect Secure (ICS) VPN	=22.1
Ivanti Connect Secure (ICS) VPN	=22.2
Ivanti Connect Secure (ICS) VPN	=22.3
Ivanti Connect Secure (ICS) VPN	=22.4
Ivanti Connect Secure (ICS) VPN	=22.5
Ivanti Connect Secure (ICS) VPN	=22.6
Pulse Policy Secure	=9.0
Pulse Policy Secure	=9.0-r1
Pulse Policy Secure	=9.0-r2
Pulse Policy Secure	=9.0-r2.1
Pulse Policy Secure	=9.0-r3
Pulse Policy Secure	=9.0-r3.1
Pulse Policy Secure	=9.0-r4
Pulse Policy Secure	=9.1
Pulse Policy Secure	=9.1-r1
Pulse Policy Secure	=9.1-r10
Pulse Policy Secure	=9.1-r11
Pulse Policy Secure	=9.1-r12
Pulse Policy Secure	=9.1-r13
Pulse Policy Secure	=9.1-r14
Pulse Policy Secure	=9.1-r15
Pulse Policy Secure	=9.1-r16
Pulse Policy Secure	=9.1-r17
Pulse Policy Secure	=9.1-r18
Pulse Policy Secure	=9.1-r2
Pulse Policy Secure	=9.1-r3
Pulse Policy Secure	=9.1-r4
Pulse Policy Secure	=9.1-r5
Pulse Policy Secure	=9.1-r6
Pulse Policy Secure	=9.1-r7
Pulse Policy Secure	=9.1-r8
Pulse Policy Secure	=9.1-r9
Pulse Policy Secure	=22.1
Pulse Policy Secure	=22.2
Pulse Policy Secure	=22.3
Pulse Policy Secure	=22.4
Pulse Policy Secure	=22.5
Pulse Policy Secure	=22.6

Never miss a vulnerability like this again

Reference Links

https://forums.ivanti.com/s/article/New-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US

Frequently Asked Questions

What is the severity of CVE-2024-22052?
CVE-2024-22052 is rated as a high-severity vulnerability that can lead to a denial of service (DoS) attack.
How do I fix CVE-2024-22052?
To fix CVE-2024-22052, apply the latest security patch provided by Ivanti for affected versions of Ivanti Connect Secure and Ivanti Policy Secure.
What versions are affected by CVE-2024-22052?
CVE-2024-22052 affects Ivanti Connect Secure versions 9.x and 22.x, as well as Ivanti Policy Secure versions 9.x and 22.x.
How does CVE-2024-22052 exploit occur?
CVE-2024-22052 exploits a null pointer dereference in the IPSec component, allowing unauthenticated users to crash the service.
What impact does CVE-2024-22052 have on systems?
CVE-2024-22052 can cause systems to become temporarily unavailable, leading to potential disruptions in service.

agent/references
agent/type
agent/description
agent/event
agent/first-publish-date
agent/author
agent/severity
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/source
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/ivanti
canonical/ivanti connect secure (ics) vpn
version/ivanti connect secure (ics) vpn/9.1-r1
version/ivanti connect secure (ics) vpn/9.1-r10
version/ivanti connect secure (ics) vpn/9.1-r11
version/ivanti connect secure (ics) vpn/9.1-r11.5
version/ivanti connect secure (ics) vpn/9.1-r12
version/ivanti connect secure (ics) vpn/9.1-r13
version/ivanti connect secure (ics) vpn/9.1-r14
version/ivanti connect secure (ics) vpn/9.1-r15
version/ivanti connect secure (ics) vpn/9.1-r16
version/ivanti connect secure (ics) vpn/9.1-r17
version/ivanti connect secure (ics) vpn/9.1-r18
version/ivanti connect secure (ics) vpn/9.1-r2
version/ivanti connect secure (ics) vpn/9.1-r3
version/ivanti connect secure (ics) vpn/9.1-r4
version/ivanti connect secure (ics) vpn/9.1-r4.1
version/ivanti connect secure (ics) vpn/9.1-r4.2
version/ivanti connect secure (ics) vpn/9.1-r4.3
version/ivanti connect secure (ics) vpn/9.1-r5
version/ivanti connect secure (ics) vpn/9.1-r6
version/ivanti connect secure (ics) vpn/9.1-r7
version/ivanti connect secure (ics) vpn/9.1-r8
version/ivanti connect secure (ics) vpn/9.1-r9
version/ivanti connect secure (ics) vpn/22.1
version/ivanti connect secure (ics) vpn/22.2
version/ivanti connect secure (ics) vpn/22.3
version/ivanti connect secure (ics) vpn/22.4
version/ivanti connect secure (ics) vpn/22.5
version/ivanti connect secure (ics) vpn/22.6
canonical/pulse policy secure
version/pulse policy secure/9.0
version/pulse policy secure/9.0-r1
version/pulse policy secure/9.0-r2
version/pulse policy secure/9.0-r2.1
version/pulse policy secure/9.0-r3
version/pulse policy secure/9.0-r3.1
version/pulse policy secure/9.0-r4
version/pulse policy secure/9.1
version/pulse policy secure/9.1-r1
version/pulse policy secure/9.1-r10
version/pulse policy secure/9.1-r11
version/pulse policy secure/9.1-r12
version/pulse policy secure/9.1-r13
version/pulse policy secure/9.1-r14
version/pulse policy secure/9.1-r15
version/pulse policy secure/9.1-r16
version/pulse policy secure/9.1-r17
version/pulse policy secure/9.1-r18
version/pulse policy secure/9.1-r2
version/pulse policy secure/9.1-r3
version/pulse policy secure/9.1-r4
version/pulse policy secure/9.1-r5
version/pulse policy secure/9.1-r6
version/pulse policy secure/9.1-r7
version/pulse policy secure/9.1-r8
version/pulse policy secure/9.1-r9
version/pulse policy secure/22.1
version/pulse policy secure/22.2
version/pulse policy secure/22.3
version/pulse policy secure/22.4
version/pulse policy secure/22.5
version/pulse policy secure/22.6