CVE-2024-38649
HIGH EPSS 76.6%
Published Nov 13, 20241y ago · Modified Jun 17, 20261w ago
7.5 CVSS 3.1
Published Nov 13, 2024 1y ago
Last Modified Jun 17, 2026 1w ago
Description
An out-of-bounds write in IPsec of Ivanti Connect Secure before version 22.7R2.1(Not Applicable to 9.1Rx) allows a remote unauthenticated attacker to cause a denial of service.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
76.6% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-125 Out-of-bounds Read Memory Safety
Affected Products 11
| Vendor | Product | Version | Range |
|---|---|---|---|
| ivanti | connect_secure | * | <9.1 |
| ivanti | connect_secure | * | ≥21.9 – <22.7 |
| ivanti | connect_secure | 9.1 | any |
| ivanti | connect_secure | 22.7 | any |
| ivanti | connect_secure | 22.7 | any |
| ivanti | connect_secure | 22.7 | any |
| ivanti | connect_secure | 22.7 | any |
| ivanti | connect_secure | 22.7 | any |
| ivanti | connect_secure | 22.7 | any |
| ivanti | connect_secure | 22.7 | any |
| ivanti | connect_secure | 22.7 | any |
References 1
- forums.ivanti.com https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.