CVE-2024-37377
NONE EPSS 74.3%
Published Dec 12, 20241y ago · Modified Jun 17, 20261w ago
Published Dec 12, 2024 1y ago
Last Modified Jun 17, 2026 1w ago
Description
A heap-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.
Threat Intelligence
EPSS Exploit Probability
74.3% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-787 Out-of-bounds Write Memory Safety
Affected Products 16
| Vendor | Product | Version | Range |
|---|---|---|---|
| ivanti | connect_secure | * | <22.7 |
| ivanti | connect_secure | 22.7 | any |
| ivanti | connect_secure | 22.7 | any |
| ivanti | connect_secure | 22.7 | any |
| ivanti | connect_secure | 22.7 | any |
| ivanti | connect_secure | 22.7 | any |
| ivanti | connect_secure | 22.7 | any |
| ivanti | connect_secure | 22.7 | any |
| ivanti | connect_secure | 22.7 | any |
| ivanti | connect_secure | 22.7 | any |
| ivanti | connect_secure | 22.7 | any |
| ivanti | connect_secure | 22.7 | any |
| ivanti | policy_secure | * | <22.7 |
| ivanti | policy_secure | 22.7 | any |
| ivanti | policy_secure | 22.7 | any |
| ivanti | policy_secure | 22.7 | any |
References 1
- forums.ivanti.com https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Connect-Secure-ICS-and-Ivanti-Policy-Secure-IPS-Multiple-CVEs
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.