Login Sign Up

CVE-2023-39340

7.5 HIGH
Denial of Service

📋 TL;DR

This vulnerability in Ivanti Connect Secure allows attackers to send specific requests that can cause a Denial of Service (DoS), potentially making the appliance unavailable. All versions below 22.6R2 are affected, impacting organizations using this VPN/remote access solution.

💻 Affected Systems

Products:
  • Ivanti Connect Secure (formerly Pulse Connect Secure)
Versions: All versions below 22.6R2
Operating Systems: Ivanti Connect Secure appliance OS
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments with affected versions are vulnerable regardless of configuration.

📦 What is this software?

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

Connect Secure by Ivanti

View all CVEs affecting Connect Secure →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service outage of the Connect Secure appliance, disrupting remote access for all users and potentially affecting business operations.

🟠

Likely Case

Intermittent service disruptions or performance degradation of the VPN/remote access service.

🟢

If Mitigated

Minimal impact with proper network segmentation and monitoring in place to detect and block attack attempts.

🌐 Internet-Facing: HIGH - Connect Secure appliances are typically internet-facing to provide remote access, making them directly accessible to attackers.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could still exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires sending specific requests but does not require authentication, making exploitation relatively straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 22.6R2 or later

Vendor Advisory: https://forums.ivanti.com/s/article/Security-fix-release-Ivanti-Connect-Secure-22-6R2-and-22-6R2-1?language=en_US

Restart Required: Yes

Instructions:

1. Download the 22.6R2 or later firmware from Ivanti support portal. 2. Backup current configuration. 3. Apply the firmware update through the admin interface. 4. Reboot the appliance as required.

🔧 Temporary Workarounds

Network Access Control

all

Restrict access to Connect Secure appliances to trusted IP addresses only

Rate Limiting

all

Implement rate limiting on network devices to limit DoS attack effectiveness

🧯 If You Can't Patch

  • Implement strict network segmentation and firewall rules to limit access to Connect Secure appliances
  • Deploy additional monitoring and alerting for unusual traffic patterns to the appliances

🔍 How to Verify

Check if Vulnerable:

Check the firmware version in the Connect Secure admin interface under System > Maintenance > Version

Check Version:

Not applicable - version check is done through web admin interface

Verify Fix Applied:

Verify the firmware version shows 22.6R2 or later after patching

📡 Detection & Monitoring

Log Indicators:

  • Unusual request patterns to the appliance
  • Service restart or crash logs
  • High resource utilization alerts

Network Indicators:

  • Unusual traffic spikes to Connect Secure ports
  • Repeated specific request patterns from single sources

SIEM Query:

source="ivanti_connect_secure" AND (event_type="service_restart" OR event_type="high_cpu" OR event_type="high_memory")

📊 Metadata

CVE ID: CVE-2023-39340
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Published: December 16, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON