Executive Risk Summary
"A null pointer dereference vulnerability in the IPSec component of Ivanti Connect Secure and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests to crash the service, causing a DoS attack. This vulnerability can be exploited to disrupt the availability of the service, potentially impacting business operations."
Operational Audit Arsenal
Target Type Service
Target Asset IPSec Service
Standard Path Global Configuration
Manual Verification Required
This is a non-Windows asset (Ivanti). Use the target asset details and official path provided above to verify your current version against the official vendor advisories listed below.
Patch Impact Forecast
Reboot Required Likely
Moderate
Internal Work Notes
CVE-2024-22052: Null pointer dereference vulnerability in Ivanti Connect Secure IPSec component, potentially causing a DoS attack. Apply vendor patch to mitigate risk.
Technical Intelligence & Operational Utilities • Delivered Weekly
Intelligence Sources
Official Advisoryhttps://forums.ivanti.com/s/article/New-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
Official Advisoryhttps://forums.ivanti.com/s/article/New-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
Related Ivanti Threats
Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.