What is the severity of CVE-2024-22053?

CVE-2024-22053 is considered a critical severity vulnerability due to its potential to cause a denial-of-service (DoS) and allow unauthorized memory access.

How do I fix CVE-2024-22053?

To fix CVE-2024-22053, you should update your Ivanti Connect Secure and Ivanti Policy Secure software to the latest patched versions provided by Ivanti.

What types of systems are affected by CVE-2024-22053?

CVE-2024-22053 affects various versions of Ivanti Connect Secure and Ivanti Policy Secure from 9.x and 22.x series.

What impact does CVE-2024-22053 have on my system?

The impact of CVE-2024-22053 includes potential service crashes and unauthorized access to sensitive memory contents.

Is my version vulnerable to CVE-2024-22053?

You are vulnerable to CVE-2024-22053 if you are running affected versions of Ivanti Connect Secure or Ivanti Policy Secure listed in the vulnerability report.

Vulnerability/
CVE-2024-22053

high

8.2

CWE

787 703

4/4/2024

3/10/2024

CVE-2024-22053

First published: Thu Apr 04 2024(Updated: )

A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack or in certain conditions read contents from memory.

Credit: support@hackerone.com

Affected Software	Affected Version	How to fix
Ivanti Connect Secure (ICS) VPN	=9.1-r1
Ivanti Connect Secure (ICS) VPN	=9.1-r10
Ivanti Connect Secure (ICS) VPN	=9.1-r11
Ivanti Connect Secure (ICS) VPN	=9.1-r11.5
Ivanti Connect Secure (ICS) VPN	=9.1-r12
Ivanti Connect Secure (ICS) VPN	=9.1-r13
Ivanti Connect Secure (ICS) VPN	=9.1-r14
Ivanti Connect Secure (ICS) VPN	=9.1-r15
Ivanti Connect Secure (ICS) VPN	=9.1-r16
Ivanti Connect Secure (ICS) VPN	=9.1-r17
Ivanti Connect Secure (ICS) VPN	=9.1-r18
Ivanti Connect Secure (ICS) VPN	=9.1-r2
Ivanti Connect Secure (ICS) VPN	=9.1-r3
Ivanti Connect Secure (ICS) VPN	=9.1-r4
Ivanti Connect Secure (ICS) VPN	=9.1-r4.1
Ivanti Connect Secure (ICS) VPN	=9.1-r4.2
Ivanti Connect Secure (ICS) VPN	=9.1-r4.3
Ivanti Connect Secure (ICS) VPN	=9.1-r5
Ivanti Connect Secure (ICS) VPN	=9.1-r6
Ivanti Connect Secure (ICS) VPN	=9.1-r7
Ivanti Connect Secure (ICS) VPN	=9.1-r8
Ivanti Connect Secure (ICS) VPN	=9.1-r9
Ivanti Connect Secure (ICS) VPN	=22.1
Ivanti Connect Secure (ICS) VPN	=22.2
Ivanti Connect Secure (ICS) VPN	=22.3
Ivanti Connect Secure (ICS) VPN	=22.4
Ivanti Connect Secure (ICS) VPN	=22.5
Ivanti Connect Secure (ICS) VPN	=22.6
Pulse Policy Secure	=9.0
Pulse Policy Secure	=9.0-r1
Pulse Policy Secure	=9.0-r2
Pulse Policy Secure	=9.0-r2.1
Pulse Policy Secure	=9.0-r3
Pulse Policy Secure	=9.0-r3.1
Pulse Policy Secure	=9.0-r4
Pulse Policy Secure	=9.1
Pulse Policy Secure	=9.1-r1
Pulse Policy Secure	=9.1-r10
Pulse Policy Secure	=9.1-r11
Pulse Policy Secure	=9.1-r12
Pulse Policy Secure	=9.1-r13
Pulse Policy Secure	=9.1-r14
Pulse Policy Secure	=9.1-r15
Pulse Policy Secure	=9.1-r16
Pulse Policy Secure	=9.1-r17
Pulse Policy Secure	=9.1-r18
Pulse Policy Secure	=9.1-r2
Pulse Policy Secure	=9.1-r3
Pulse Policy Secure	=9.1-r4
Pulse Policy Secure	=9.1-r5
Pulse Policy Secure	=9.1-r6
Pulse Policy Secure	=9.1-r7
Pulse Policy Secure	=9.1-r8
Pulse Policy Secure	=9.1-r9
Pulse Policy Secure	=22.1
Pulse Policy Secure	=22.2
Pulse Policy Secure	=22.3
Pulse Policy Secure	=22.4
Pulse Policy Secure	=22.5
Pulse Policy Secure	=22.6

Never miss a vulnerability like this again

Reference Links

https://forums.ivanti.com/s/article/New-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US

Frequently Asked Questions

What is the severity of CVE-2024-22053?
CVE-2024-22053 is considered a critical severity vulnerability due to its potential to cause a denial-of-service (DoS) and allow unauthorized memory access.
How do I fix CVE-2024-22053?
To fix CVE-2024-22053, you should update your Ivanti Connect Secure and Ivanti Policy Secure software to the latest patched versions provided by Ivanti.
What types of systems are affected by CVE-2024-22053?
CVE-2024-22053 affects various versions of Ivanti Connect Secure and Ivanti Policy Secure from 9.x and 22.x series.
What impact does CVE-2024-22053 have on my system?
The impact of CVE-2024-22053 includes potential service crashes and unauthorized access to sensitive memory contents.
Is my version vulnerable to CVE-2024-22053?
You are vulnerable to CVE-2024-22053 if you are running affected versions of Ivanti Connect Secure or Ivanti Policy Secure listed in the vulnerability report.

agent/references
agent/type
agent/description
agent/first-publish-date
agent/event
agent/author
agent/severity
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/source
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/ivanti
canonical/ivanti connect secure (ics) vpn
version/ivanti connect secure (ics) vpn/9.1-r1
version/ivanti connect secure (ics) vpn/9.1-r10
version/ivanti connect secure (ics) vpn/9.1-r11
version/ivanti connect secure (ics) vpn/9.1-r11.5
version/ivanti connect secure (ics) vpn/9.1-r12
version/ivanti connect secure (ics) vpn/9.1-r13
version/ivanti connect secure (ics) vpn/9.1-r14
version/ivanti connect secure (ics) vpn/9.1-r15
version/ivanti connect secure (ics) vpn/9.1-r16
version/ivanti connect secure (ics) vpn/9.1-r17
version/ivanti connect secure (ics) vpn/9.1-r18
version/ivanti connect secure (ics) vpn/9.1-r2
version/ivanti connect secure (ics) vpn/9.1-r3
version/ivanti connect secure (ics) vpn/9.1-r4
version/ivanti connect secure (ics) vpn/9.1-r4.1
version/ivanti connect secure (ics) vpn/9.1-r4.2
version/ivanti connect secure (ics) vpn/9.1-r4.3
version/ivanti connect secure (ics) vpn/9.1-r5
version/ivanti connect secure (ics) vpn/9.1-r6
version/ivanti connect secure (ics) vpn/9.1-r7
version/ivanti connect secure (ics) vpn/9.1-r8
version/ivanti connect secure (ics) vpn/9.1-r9
version/ivanti connect secure (ics) vpn/22.1
version/ivanti connect secure (ics) vpn/22.2
version/ivanti connect secure (ics) vpn/22.3
version/ivanti connect secure (ics) vpn/22.4
version/ivanti connect secure (ics) vpn/22.5
version/ivanti connect secure (ics) vpn/22.6
canonical/pulse policy secure
version/pulse policy secure/9.0
version/pulse policy secure/9.0-r1
version/pulse policy secure/9.0-r2
version/pulse policy secure/9.0-r2.1
version/pulse policy secure/9.0-r3
version/pulse policy secure/9.0-r3.1
version/pulse policy secure/9.0-r4
version/pulse policy secure/9.1
version/pulse policy secure/9.1-r1
version/pulse policy secure/9.1-r10
version/pulse policy secure/9.1-r11
version/pulse policy secure/9.1-r12
version/pulse policy secure/9.1-r13
version/pulse policy secure/9.1-r14
version/pulse policy secure/9.1-r15
version/pulse policy secure/9.1-r16
version/pulse policy secure/9.1-r17
version/pulse policy secure/9.1-r18
version/pulse policy secure/9.1-r2
version/pulse policy secure/9.1-r3
version/pulse policy secure/9.1-r4
version/pulse policy secure/9.1-r5
version/pulse policy secure/9.1-r6
version/pulse policy secure/9.1-r7
version/pulse policy secure/9.1-r8
version/pulse policy secure/9.1-r9
version/pulse policy secure/22.1
version/pulse policy secure/22.2
version/pulse policy secure/22.3
version/pulse policy secure/22.4
version/pulse policy secure/22.5
version/pulse policy secure/22.6