CVE-2024-37377

CVSS 3.0 Score 7.5 of 10 (high)

Details

Published Dec 12, 2024
CWE ID 787

Summary

CVE-2024-37377 is a heap-based buffer overflow in the IPsec module of Ivanti Connect Secure versions prior to 22.7R2.3. It permits an unauthenticated remote attacker to cause a denial-of-service condition: by sending specially crafted packets that trigger the overflow, an attacker can crash IPsec, preventing legitimate users from accessing the service. The issue poses a significant risk to organizations running an affected version and requires immediate patching to mitigate the impact.
