What is the severity of CVE-2024-47909?

The severity of CVE-2024-47909 is considered high due to its potential to cause denial of service.

How do I fix CVE-2024-47909?

To fix CVE-2024-47909, upgrade to Ivanti Connect Secure version 22.7R2.3 or Ivanti Policy Secure version 22.7R1.2 or later.

Who can exploit CVE-2024-47909?

CVE-2024-47909 can be exploited by a remote authenticated attacker with admin privileges.

What impact does CVE-2024-47909 have on affected systems?

CVE-2024-47909 can lead to a denial of service condition on the affected systems.

Which versions of Ivanti software are affected by CVE-2024-47909?

CVE-2024-47909 affects Ivanti Connect Secure versions prior to 22.7R2.3 and Ivanti Policy Secure versions prior to 22.7R1.2.

Vulnerability/
CVE-2024-47909

medium

4.9

CWE

121 119 787

12/11/2024

19/11/2024

CVE-2024-47909: Buffer Overflow

First published: Tue Nov 12 2024(Updated: )

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.

Credit: 3c1d8aa1-5a33-4ea4-8992-aadd6440af75

Affected Software	Affected Version	How to fix
Ivanti Connect Secure (ICS) VPN	<22.7
Ivanti Connect Secure (ICS) VPN	=22.7
Ivanti Connect Secure (ICS) VPN	=22.7-r1
Ivanti Connect Secure (ICS) VPN	=22.7-r1.1
Ivanti Connect Secure (ICS) VPN	=22.7-r1.2
Ivanti Connect Secure (ICS) VPN	=22.7-r1.3
Ivanti Connect Secure (ICS) VPN	=22.7-r1.4
Ivanti Connect Secure (ICS) VPN	=22.7-r1.5
Ivanti Connect Secure (ICS) VPN	=22.7-r2
Ivanti Connect Secure (ICS) VPN	=22.7-r2.1
Ivanti Connect Secure (ICS) VPN	=22.7-r2.2
Pulse Policy Secure	<22.7
Pulse Policy Secure	=22.7
Pulse Policy Secure	=22.7-r1
Pulse Policy Secure	=22.7-r1.1

Never miss a vulnerability like this again

Reference Links

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs

Frequently Asked Questions

What is the severity of CVE-2024-47909?
The severity of CVE-2024-47909 is considered high due to its potential to cause denial of service.
How do I fix CVE-2024-47909?
To fix CVE-2024-47909, upgrade to Ivanti Connect Secure version 22.7R2.3 or Ivanti Policy Secure version 22.7R1.2 or later.
Who can exploit CVE-2024-47909?
CVE-2024-47909 can be exploited by a remote authenticated attacker with admin privileges.
What impact does CVE-2024-47909 have on affected systems?
CVE-2024-47909 can lead to a denial of service condition on the affected systems.
Which versions of Ivanti software are affected by CVE-2024-47909?
CVE-2024-47909 affects Ivanti Connect Secure versions prior to 22.7R2.3 and Ivanti Policy Secure versions prior to 22.7R1.2.

agent/references
agent/type
agent/description
agent/first-publish-date
agent/severity
agent/author
agent/event
agent/weakness
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/ivanti
canonical/ivanti connect secure (ics) vpn
version/ivanti connect secure (ics) vpn/22.7
version/ivanti connect secure (ics) vpn/22.7-r1
version/ivanti connect secure (ics) vpn/22.7-r1.1
version/ivanti connect secure (ics) vpn/22.7-r1.2
version/ivanti connect secure (ics) vpn/22.7-r1.3
version/ivanti connect secure (ics) vpn/22.7-r1.4
version/ivanti connect secure (ics) vpn/22.7-r1.5
version/ivanti connect secure (ics) vpn/22.7-r2
version/ivanti connect secure (ics) vpn/22.7-r2.1
version/ivanti connect secure (ics) vpn/22.7-r2.2
canonical/pulse policy secure
version/pulse policy secure/22.7
version/pulse policy secure/22.7-r1
version/pulse policy secure/22.7-r1.1