What is the severity of CVE-2024-47905?

CVE-2024-47905 has a high severity rating due to its potential for remote denial of service by authenticated attackers.

How do I fix CVE-2024-47905?

To fix CVE-2024-47905, update Ivanti Connect Secure to version 22.7R2.3 or later and Ivanti Policy Secure to version 22.7R1.2 or later.

What software is affected by CVE-2024-47905?

CVE-2024-47905 affects Ivanti Connect Secure versions prior to 22.7R2.3 and Ivanti Policy Secure versions prior to 22.7R1.2.

Can CVE-2024-47905 be exploited remotely?

Yes, CVE-2024-47905 can be exploited remotely by an authenticated user with admin privileges.

What type of vulnerability is CVE-2024-47905?

CVE-2024-47905 is a stack-based buffer overflow vulnerability leading to potential denial of service.

Vulnerability/
CVE-2024-47905

medium

4.9

CWE

121 119 787

12/11/2024

18/11/2024

CVE-2024-47905: Buffer Overflow

First published: Tue Nov 12 2024(Updated: )

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.

Credit: 3c1d8aa1-5a33-4ea4-8992-aadd6440af75

Affected Software	Affected Version	How to fix
Ivanti Connect Secure (ICS) VPN	<22.7
Ivanti Connect Secure (ICS) VPN	=22.7
Ivanti Connect Secure (ICS) VPN	=22.7-r1
Ivanti Connect Secure (ICS) VPN	=22.7-r1.1
Ivanti Connect Secure (ICS) VPN	=22.7-r1.2
Ivanti Connect Secure (ICS) VPN	=22.7-r1.3
Ivanti Connect Secure (ICS) VPN	=22.7-r1.4
Ivanti Connect Secure (ICS) VPN	=22.7-r1.5
Ivanti Connect Secure (ICS) VPN	=22.7-r2
Ivanti Connect Secure (ICS) VPN	=22.7-r2.1
Ivanti Connect Secure (ICS) VPN	=22.7-r2.2
Pulse Policy Secure	<22.7
Pulse Policy Secure	=22.7
Pulse Policy Secure	=22.7-r1
Pulse Policy Secure	=22.7-r1.1

Never miss a vulnerability like this again

Reference Links

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs

Frequently Asked Questions

What is the severity of CVE-2024-47905?
CVE-2024-47905 has a high severity rating due to its potential for remote denial of service by authenticated attackers.
How do I fix CVE-2024-47905?
To fix CVE-2024-47905, update Ivanti Connect Secure to version 22.7R2.3 or later and Ivanti Policy Secure to version 22.7R1.2 or later.
What software is affected by CVE-2024-47905?
CVE-2024-47905 affects Ivanti Connect Secure versions prior to 22.7R2.3 and Ivanti Policy Secure versions prior to 22.7R1.2.
Can CVE-2024-47905 be exploited remotely?
Yes, CVE-2024-47905 can be exploited remotely by an authenticated user with admin privileges.
What type of vulnerability is CVE-2024-47905?
CVE-2024-47905 is a stack-based buffer overflow vulnerability leading to potential denial of service.

agent/references
agent/type
agent/description
agent/first-publish-date
agent/severity
agent/author
agent/event
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/source
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/ivanti
canonical/ivanti connect secure (ics) vpn
version/ivanti connect secure (ics) vpn/22.7
version/ivanti connect secure (ics) vpn/22.7-r1
version/ivanti connect secure (ics) vpn/22.7-r1.1
version/ivanti connect secure (ics) vpn/22.7-r1.2
version/ivanti connect secure (ics) vpn/22.7-r1.3
version/ivanti connect secure (ics) vpn/22.7-r1.4
version/ivanti connect secure (ics) vpn/22.7-r1.5
version/ivanti connect secure (ics) vpn/22.7-r2
version/ivanti connect secure (ics) vpn/22.7-r2.1
version/ivanti connect secure (ics) vpn/22.7-r2.2
canonical/pulse policy secure
version/pulse policy secure/22.7
version/pulse policy secure/22.7-r1
version/pulse policy secure/22.7-r1.1