Ivanti Policy Secure 9.x / 22.x Multiple Vulnerabilities (CVE-2024-21894)

critical Nessus Plugin ID 192927

Synopsis

A NAC solution installed on the remote host is affected by multiple vulnerabilities.

Description

The Ivanti Policy Secure installed on the remote host is 9.x or 22.x. It is, therefore, affected by multiple vulnerabilities:

- A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack. In certain conditions this may lead to execution of arbitrary code. (CVE-2024-21894)

- A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack. (CVE-2024-22052)

- A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack or in certain conditions read contents from memory. (CVE-2024-22053)

- An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in-order-to temporarily cause resource exhaustion thereby resulting in a limited-time DoS. (CVE-2024-22023)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

See vendor advisory.

See Also

http://www.nessus.org/u?65301712

Plugin Details

Severity: Critical

ID: 192927

File Name: ivanti_policy_secure_CVE-2024-21894.nasl

Version: 1.4

Type: remote

Family: Misc.

Published: 4/4/2024

Updated: 11/15/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2024-21894

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:pulsesecure:pulse_policy_secure

Required KB Items: installed_sw/Pulse Policy Secure

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/2/2024

Vulnerability Publication Date: 4/2/2024

Reference Information

CVE: CVE-2024-21894, CVE-2024-22023, CVE-2024-22052, CVE-2024-22053

IAVA: 2024-A-0201-S