Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-37377

Summary
Assigner-hackerone
Assigner Org ID-36234546-b8fa-4601-9d6f-f4e334aa8ea1
Published At-11 Dec, 2024 | 18:52
Updated At-12 Dec, 2024 | 14:46
Rejected At-
Credits

A heap-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:hackerone
Assigner Org ID:36234546-b8fa-4601-9d6f-f4e334aa8ea1
Published At:11 Dec, 2024 | 18:52
Updated At:12 Dec, 2024 | 14:46
Rejected At:
▼CVE Numbering Authority (CNA)

A heap-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.

Affected Products
Vendor
Ivanti SoftwareIvanti
Product
Connect Secure
Default Status
unaffected
Versions
Affected
  • From 22.7R2.3 before 22.7R2.3 (custom)
Metrics
VersionBase scoreBase severityVector
3.07.5HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.0
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Connect-Secure-ICS-and-Ivanti-Policy-Secure-IPS-Multiple-CVEs
N/A
Hyperlink: https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Connect-Secure-ICS-and-Ivanti-Policy-Secure-IPS-Multiple-CVEs
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-787CWE-787 Out-of-bounds Write
Type: CWE
CWE ID: CWE-787
Description: CWE-787 Out-of-bounds Write
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:support@hackerone.com
Published At:12 Dec, 2024 | 01:55
Updated At:02 Jul, 2025 | 20:26

A heap-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.07.5HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.0
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
Ivanti Software
ivanti
>>connect_secure>>Versions before 22.7(exclusive)
cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*
Ivanti Software
ivanti
>>connect_secure>>22.7
cpe:2.3:a:ivanti:connect_secure:22.7:-:*:*:*:*:*:*
Ivanti Software
ivanti
>>connect_secure>>22.7
cpe:2.3:a:ivanti:connect_secure:22.7:r1:*:*:*:*:*:*
Ivanti Software
ivanti
>>connect_secure>>22.7
cpe:2.3:a:ivanti:connect_secure:22.7:r1.1:*:*:*:*:*:*
Ivanti Software
ivanti
>>connect_secure>>22.7
cpe:2.3:a:ivanti:connect_secure:22.7:r1.2:*:*:*:*:*:*
Ivanti Software
ivanti
>>connect_secure>>22.7
cpe:2.3:a:ivanti:connect_secure:22.7:r1.3:*:*:*:*:*:*
Ivanti Software
ivanti
>>connect_secure>>22.7
cpe:2.3:a:ivanti:connect_secure:22.7:r1.4:*:*:*:*:*:*
Ivanti Software
ivanti
>>connect_secure>>22.7
cpe:2.3:a:ivanti:connect_secure:22.7:r1.5:*:*:*:*:*:*
Ivanti Software
ivanti
>>connect_secure>>22.7
cpe:2.3:a:ivanti:connect_secure:22.7:r2:*:*:*:*:*:*
Ivanti Software
ivanti
>>connect_secure>>22.7
cpe:2.3:a:ivanti:connect_secure:22.7:r2.1:*:*:*:*:*:*
Ivanti Software
ivanti
>>connect_secure>>22.7
cpe:2.3:a:ivanti:connect_secure:22.7:r2.2:*:*:*:*:*:*
Ivanti Software
ivanti
>>connect_secure>>22.7
cpe:2.3:a:ivanti:connect_secure:22.7:r2.3:*:*:*:*:*:*
Ivanti Software
ivanti
>>policy_secure>>Versions before 22.7(exclusive)
cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:*
Ivanti Software
ivanti
>>policy_secure>>22.7
cpe:2.3:a:ivanti:policy_secure:22.7:-:*:*:*:*:*:*
Ivanti Software
ivanti
>>policy_secure>>22.7
cpe:2.3:a:ivanti:policy_secure:22.7:r1:*:*:*:*:*:*
Ivanti Software
ivanti
>>policy_secure>>22.7
cpe:2.3:a:ivanti:policy_secure:22.7:r1.1:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-787
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Connect-Secure-ICS-and-Ivanti-Policy-Secure-IPS-Multiple-CVEssupport@hackerone.com
Vendor Advisory
Hyperlink: https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Connect-Secure-ICS-and-Ivanti-Policy-Secure-IPS-Multiple-CVEs
Source: support@hackerone.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

0Records found
Details not found