CVE-2024-38649

Published: Nov 13, 2024Modified: Jul 16, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An out-of-bounds write in IPsec of Ivanti Connect Secure before version 22.7R2.1(Not Applicable to 9.1Rx) allows a remote unauthenticated attacker to cause a denial of service.

Affected (11)

Products: Ivanti: Connect Secure

Ivanti

1 product

Connect Secure

Configuration A

11 vulnerable

Vulnerable Software	Affected Versions
Ivanti Connect Secure	Before 9.1
Ivanti Connect Secure	From 21.9 to 22.7
Ivanti Connect Secure	Version 22.7
Ivanti Connect Secure	Version 22.7 r1.1
Ivanti Connect Secure	Version 22.7 r1.2
Ivanti Connect Secure	Version 22.7 r1.3
Ivanti Connect Secure	Version 22.7 r1.4
Ivanti Connect Secure	Version 22.7 r1.5
Ivanti Connect Secure	Version 22.7 r1
Ivanti Connect Secure	Version 22.7 r2
Ivanti Connect Secure	Version 9.1

Related CWEs

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (1)

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs

Source: support@hackerone.com

Vendor Advisory

Timeline

No history available yet.