Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveHackeroneCVE-2022-35258
HistoryDec 05, 2022 - 10:15 p.m.

CVE-2022-35258

2022-12-0522:15:10
CWE-682
CWE-128
hackerone
web.nvd.nist.gov
49
cve-2022-35258
denial of service
dos
ivanti
connect secure
policy secure
neurons
vulnerability
security advisory
nvd

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

40.3%

JSON

An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.

Affected configurations

Nvd
Node
ivanticonnect_secureRange<9.1
OR
ivanticonnect_secureMatch9.1-
OR
ivanticonnect_secureMatch9.1r1
OR
ivanticonnect_secureMatch9.1r1.0
OR
ivanticonnect_secureMatch9.1r10.0
OR
ivanticonnect_secureMatch9.1r10.2
OR
ivanticonnect_secureMatch9.1r11.0
OR
ivanticonnect_secureMatch9.1r11.1
OR
ivanticonnect_secureMatch9.1r11.3
OR
ivanticonnect_secureMatch9.1r11.4
OR
ivanticonnect_secureMatch9.1r11.5
OR
ivanticonnect_secureMatch9.1r12
OR
ivanticonnect_secureMatch9.1r12.1
OR
ivanticonnect_secureMatch9.1r12.2
OR
ivanticonnect_secureMatch9.1r13
OR
ivanticonnect_secureMatch9.1r13.1
OR
ivanticonnect_secureMatch9.1r14
OR
ivanticonnect_secureMatch9.1r15
OR
ivanticonnect_secureMatch9.1r16
OR
ivanticonnect_secureMatch9.1r16.1
OR
ivanticonnect_secureMatch9.1r2
OR
ivanticonnect_secureMatch9.1r2.0
OR
ivanticonnect_secureMatch9.1r3
OR
ivanticonnect_secureMatch9.1r3.0
OR
ivanticonnect_secureMatch9.1r4
OR
ivanticonnect_secureMatch9.1r4.0
OR
ivanticonnect_secureMatch9.1r4.1
OR
ivanticonnect_secureMatch9.1r4.2
OR
ivanticonnect_secureMatch9.1r4.3
OR
ivanticonnect_secureMatch9.1r5
OR
ivanticonnect_secureMatch9.1r5.0
OR
ivanticonnect_secureMatch9.1r6
OR
ivanticonnect_secureMatch9.1r6.0
OR
ivanticonnect_secureMatch9.1r7
OR
ivanticonnect_secureMatch9.1r7.0
OR
ivanticonnect_secureMatch9.1r8
OR
ivanticonnect_secureMatch9.1r8.0
OR
ivanticonnect_secureMatch9.1r8.1
OR
ivanticonnect_secureMatch9.1r8.2
OR
ivanticonnect_secureMatch9.1r8.4
OR
ivanticonnect_secureMatch9.1r9
OR
ivanticonnect_secureMatch9.1r9.0
OR
ivanticonnect_secureMatch9.1r9.1
OR
ivanticonnect_secureMatch9.1r9.2
OR
ivanticonnect_secureMatch21.9r1
OR
ivanticonnect_secureMatch21.12r1
OR
ivanticonnect_secureMatch22.1r1
OR
ivanticonnect_secureMatch22.2-
OR
ivanticonnect_secureMatch22.2r1
OR
ivantineurons_for_zero-trust_accessMatch22.2r1
OR
ivantipolicy_secureRange<9.1
OR
ivantipolicy_secureMatch9.1-
OR
ivantipolicy_secureMatch9.1r1
OR
ivantipolicy_secureMatch9.1r10
OR
ivantipolicy_secureMatch9.1r11
OR
ivantipolicy_secureMatch9.1r12
OR
ivantipolicy_secureMatch9.1r13
OR
ivantipolicy_secureMatch9.1r13.1
OR
ivantipolicy_secureMatch9.1r14
OR
ivantipolicy_secureMatch9.1r15
OR
ivantipolicy_secureMatch9.1r16
OR
ivantipolicy_secureMatch9.1r2
OR
ivantipolicy_secureMatch9.1r3
OR
ivantipolicy_secureMatch9.1r3.1
OR
ivantipolicy_secureMatch9.1r4
OR
ivantipolicy_secureMatch9.1r4.1
OR
ivantipolicy_secureMatch9.1r4.2
OR
ivantipolicy_secureMatch9.1r5
OR
ivantipolicy_secureMatch9.1r6
OR
ivantipolicy_secureMatch9.1r7
OR
ivantipolicy_secureMatch9.1r8
OR
ivantipolicy_secureMatch9.1r8.1
OR
ivantipolicy_secureMatch9.1r8.2
OR
ivantipolicy_secureMatch9.1r9
OR
ivantipolicy_secureMatch22.1r1
OR
ivantipolicy_secureMatch22.2r1
VendorProductVersionCPE
ivanticonnect_secure*cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*
ivanticonnect_secure9.1cpe:2.3:a:ivanti:connect_secure:9.1:-:*:*:*:*:*:*
ivanticonnect_secure9.1cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*
ivanticonnect_secure9.1cpe:2.3:a:ivanti:connect_secure:9.1:r1.0:*:*:*:*:*:*
ivanticonnect_secure9.1cpe:2.3:a:ivanti:connect_secure:9.1:r10.0:*:*:*:*:*:*
ivanticonnect_secure9.1cpe:2.3:a:ivanti:connect_secure:9.1:r10.2:*:*:*:*:*:*
ivanticonnect_secure9.1cpe:2.3:a:ivanti:connect_secure:9.1:r11.0:*:*:*:*:*:*
ivanticonnect_secure9.1cpe:2.3:a:ivanti:connect_secure:9.1:r11.1:*:*:*:*:*:*
ivanticonnect_secure9.1cpe:2.3:a:ivanti:connect_secure:9.1:r11.3:*:*:*:*:*:*
ivanticonnect_secure9.1cpe:2.3:a:ivanti:connect_secure:9.1:r11.4:*:*:*:*:*:*
Rows per page:
1-10 of 761

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Neurons for Zero Trust Access Gateway",
    "versions": [
      {
        "version": "ICS Prior to 9.1R14.3,9.1R15.2,9.1R16.2 and 22.2R4, IPS Prior to 9.1R17 and 22.3R1, Ivanti Neurons for Zero Trust Access Gateway Prior to 22.3R1",
        "status": "affected"
      }
    ]
  }
]

Related

cvelist 1
prion 1
nvd 1
cvelist
cvelist
CVE-2022-35258
2022-12-05 00:00:00
prion
prion
Code injection
2022-12-05 22:15:00
nvd
nvd
CVE-2022-35258
2022-12-05 22:15:10

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

40.3%

JSON
Related for CVE-2022-35258
cvelist1prion1nvd1