mickmick.net

Ivanti Products Multiple Vulnerabilities

Release Date: 5 Apr 2024

RISK: Medium Risk

TYPE: Operating Systems - Networks OS

Multiple vulnerabilities have been identified in Ivanti Products. A remote attacker could exploit these vulnerability to trigger denial of service condition, remote code execution and sensitive information disclosure on the targeted system.

---

Impact

• Denial of Service
• Remote Code Execution
• Information Disclosure

---

System / Technologies affected

• Ivanti Connect Secure version 9.X
• Ivanti Connect Secure version 22.X
• Ivanti Policy Secure version 9.X
• Ivanti Policy Secure version 22.X

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://forums.ivanti.com/s/article/SA-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways

---

Vulnerability Identifier

• CVE-2024-21894
• CVE-2024-22023
• CVE-2024-22052
• CVE-2024-22053

---

Source

• Ivanti

---

Related Link

• https://forums.ivanti.com/s/article/SA-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways