CVE-2024-37400: 
Ivanti Connect Secure vulnerability analysis and mitigation

An out-of-bounds read vulnerability (CVE-2024-37400) affects Ivanti Connect Secure versions before 22.7R2.3. This vulnerability was discovered and disclosed in November 2024, impacting the Ivanti Connect Secure product line. The vulnerability allows remote unauthenticated attackers to trigger an infinite loop, potentially causing system disruption (NVD, ASEC).

The vulnerability is classified as an out-of-bounds read error that can lead to an infinite loop condition. It has received a CVSS v3.0 base score of 7.5 (HIGH) with the vector string CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The vulnerability is tracked under CWE-125 (Out-of-bounds Read) (NVD).

When exploited, CVE-2024-37400 can result in a denial of service (DoS) condition through the triggering of an infinite loop. The vulnerability's impact is particularly significant as it can be exploited by unauthenticated remote attackers, potentially affecting system availability (SecurityOnline).

Ivanti has released version 22.7R2.3 of Connect Secure to address this vulnerability. Organizations using affected versions are strongly advised to upgrade to this latest version to mitigate the risk (ASEC).