CVE-2024-29205

HIGH

Ivanti Connect/Ivanti Policy <9.x,22.x - Info Disclosure

Title source: llm

Description

An Improper Check for Unusual or Exceptional Conditions vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a remote unauthenticated attacker to send specially crafted requests in-order-to cause service disruptions.

References (1)

[Various Sources] https://forums.ivanti.com/s/article/SA-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US

Scores

CVSS v3 7.5

EPSS 0.0271

EPSS Percentile 86.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-703

Status published

Products (19)

Ivanti/Connect Secure 22.1R6.2

Ivanti/Connect Secure 22.2R3

Ivanti/Connect Secure 22.2R4.2

Ivanti/Connect Secure 22.3R1.2

Ivanti/Connect Secure 22.4R1.2

Ivanti/Connect Secure 22.4R2.4

Ivanti/Connect Secure 22.5R1.3

Ivanti/Connect Secure 22.5R2.4

Ivanti/Connect Secure 22.6R1.2

Ivanti/Connect Secure 22.6R2.3

... and 9 more

Published Apr 25, 2024

Tracked Since Feb 18, 2026