CVE-2024-29205

Summary

An Improper Check for Unusual or Exceptional Conditions vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a remote unauthenticated attacker to send specially crafted requests in-order-to cause service disruptions.

Affected Software

VendorProductVersion RangeStatus
IvantiConnect Secure9.1R18.5 < 9.1R18.5affected
IvantiConnect Secure22.6R2.3 < 22.6R2.3affected
IvantiConnect Secure9.1R17.4 < 9.1R17.4affected
IvantiConnect Secure22.2R3 < 22.2R3affected
IvantiConnect Secure22.5R2.4 < 22.5R2.4affected
IvantiConnect Secure9.1R14.6 < 9.1R14.6affected
IvantiConnect Secure9.1R16.4 < 9.1R16.4affected
IvantiConnect Secure9.1R15.4 < 9.1R15.4affected
IvantiConnect Secure22.2R4.2 < 22.2R4.2affected
IvantiConnect Secure22.4R1.2 < 22.4R1.2affected
IvantiConnect Secure22.6R1.2 < 22.6R1.2affected
IvantiConnect Secure22.1R6.2 < 22.1R6.2affected
IvantiConnect Secure22.3R1.2 < 22.3R1.2affected
IvantiConnect Secure22.4R2.4 < 22.4R2.4affected
IvantiConnect Secure22.5R1.3 < 22.5R1.3affected
IvantiPolicy Secure22.5R1.3 < 22.5R1.3affected
IvantiPolicy Secure9.1R18.5 < 9.1R18.5affected
IvantiPolicy Secure9.1R17.4 < 9.1R17.4affected
IvantiPolicy Secure22.2R3 < 22.2R3affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References