CVE-2023-39340

Published: Dec 16, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request which may lead to Denial of Service (DoS) of the appliance.

Affected (60)

Products: Ivanti: Connect Secure

Ivanti

1 product

Connect Secure

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Ivanti Connect Secure	Version 22.1 r1
Ivanti Connect Secure	Version 22.1 r6
Ivanti Connect Secure	Version 22.2
Ivanti Connect Secure	Version 22.2 r1
Ivanti Connect Secure	Version 22.3 r1
Ivanti Connect Secure	Version 22.4 r1
Ivanti Connect Secure	Version 22.4 r2.1
Ivanti Connect Secure	Version 22.5 r2.1

Configuration B

50 vulnerable

Vulnerable Software	Affected Versions
Ivanti Connect Secure	Version 9.1 r1.0
Ivanti Connect Secure	Version 9.1 r10.0
Ivanti Connect Secure	Version 9.1 r10.2
Ivanti Connect Secure	Version 9.1 r10
Ivanti Connect Secure	Version 9.1 r11.0
Ivanti Connect Secure	Version 9.1 r11.1
Ivanti Connect Secure	Version 9.1 r11.3
Ivanti Connect Secure	Version 9.1 r11.4
Ivanti Connect Secure	Version 9.1 r11.5
Ivanti Connect Secure	Version 9.1 r11
Ivanti Connect Secure	Version 9.1 r12.1
Ivanti Connect Secure	Version 9.1 r12.2
Ivanti Connect Secure	Version 9.1 r12
Ivanti Connect Secure	Version 9.1 r13.1
Ivanti Connect Secure	Version 9.1 r13
Ivanti Connect Secure	Version 9.1 r14.4
Ivanti Connect Secure	Version 9.1 r14
Ivanti Connect Secure	Version 9.1 r15.2
Ivanti Connect Secure	Version 9.1 r15
Ivanti Connect Secure	Version 9.1 r16.1
Ivanti Connect Secure	Version 9.1 r16
Ivanti Connect Secure	Version 9.1 r17.1
Ivanti Connect Secure	Version 9.1 r17.2
Ivanti Connect Secure	Version 9.1 r17
Ivanti Connect Secure	Version 9.1 r18.1
Ivanti Connect Secure	Version 9.1 r18
Ivanti Connect Secure	Version 9.1 r1
Ivanti Connect Secure	Version 9.1 r2.0
Ivanti Connect Secure	Version 9.1 r2
Ivanti Connect Secure	Version 9.1 r3.0
Ivanti Connect Secure	Version 9.1 r3
Ivanti Connect Secure	Version 9.1 r4.0
Ivanti Connect Secure	Version 9.1 r4.1
Ivanti Connect Secure	Version 9.1 r4.2
Ivanti Connect Secure	Version 9.1 r4.3
Ivanti Connect Secure	Version 9.1 r4
Ivanti Connect Secure	Version 9.1 r5.0
Ivanti Connect Secure	Version 9.1 r5
Ivanti Connect Secure	Version 9.1 r6.0
Ivanti Connect Secure	Version 9.1 r6
Ivanti Connect Secure	Version 9.1 r7.0
Ivanti Connect Secure	Version 9.1 r7
Ivanti Connect Secure	Version 9.1 r8.0
Ivanti Connect Secure	Version 9.1 r8.1
Ivanti Connect Secure	Version 9.1 r8.2
Ivanti Connect Secure	Version 9.1 r8.4
Ivanti Connect Secure	Version 9.1 r8
Ivanti Connect Secure	Version 9.1 r9.0
Ivanti Connect Secure	Version 9.1 r9.1
Ivanti Connect Secure	Version 9.1 r9

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Ivanti Connect Secure	Version 22.6
Ivanti Connect Secure	Version 22.6 r1

References (2)

https://forums.ivanti.com/s/article/Security-fix-release-Ivanti-Connect-Secure-22-6R2-and-22-6R2-1?language=en_US

Source: support@hackerone.com

Vendor Advisory

https://forums.ivanti.com/s/article/Security-fix-release-Ivanti-Connect-Secure-22-6R2-and-22-6R2-1?language=en_US

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.