CVE-2023-39340:

7.5 CVSS

Description

A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request which may lead to Denial of Service (DoS) of the appliance.

Classification

CVE ID: CVE-2023-39340

CVSS Base Severity: HIGH

CVSS Base Score: 7.5

Affected Products

Vendor: Ivanti

Product: Connect Secure

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.08% (probability of being exploited)

EPSS Percentile: 36.25% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://forums.ivanti.com/s/article/Security-fix-release-Ivanti-Connect-Secure-22-6R2-and-22-6R2-1?language=en_US

Timeline

2024-11-28 00:11:38 UTC
CVE