CVE-2024-37401

CVSS 3.0 Score 7.5 of 10 (high)

Details

Published Dec 12, 2024
CWE ID 125

Summary

CVE-2024-37401 is a newly disclosed vulnerability affecting Ivanti Connect Secure before version 22.7R2.1. This issue involves an out-of-bounds read in IPsec, a security protocol used by Ivanti. An attacker can exploit this flaw remotely and without authentication to induce a denial of service. The vulnerability could allow the attacker to read memory outside of the intended bounds, potentially leading to system instability or crashes. Users are strongly advised to update their Ivanti Connect Secure installations to the latest version to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share