Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2022-35254
HistoryDec 05, 2022 - 10:15 p.m.

CVE-2022-35254

2022-12-0522:15:10
CWE-400
CWE-416
[email protected]
web.nvd.nist.gov
51
cve-2022-35254
ivanti
denial of service
vulnerability
nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

40.3%

JSON

An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.

Affected configurations

NVD
Node
ivanticonnect_secureRange<9.1
OR
ivanticonnect_secureMatch9.1-
OR
ivanticonnect_secureMatch9.1r1
OR
ivanticonnect_secureMatch9.1r1.0
OR
ivanticonnect_secureMatch9.1r10.0
OR
ivanticonnect_secureMatch9.1r10.2
OR
ivanticonnect_secureMatch9.1r11.0
OR
ivanticonnect_secureMatch9.1r11.1
OR
ivanticonnect_secureMatch9.1r11.3
OR
ivanticonnect_secureMatch9.1r11.4
OR
ivanticonnect_secureMatch9.1r11.5
OR
ivanticonnect_secureMatch9.1r12
OR
ivanticonnect_secureMatch9.1r12.1
OR
ivanticonnect_secureMatch9.1r12.2
OR
ivanticonnect_secureMatch9.1r13
OR
ivanticonnect_secureMatch9.1r13.1
OR
ivanticonnect_secureMatch9.1r14
OR
ivanticonnect_secureMatch9.1r15
OR
ivanticonnect_secureMatch9.1r16
OR
ivanticonnect_secureMatch9.1r16.1
OR
ivanticonnect_secureMatch9.1r2
OR
ivanticonnect_secureMatch9.1r2.0
OR
ivanticonnect_secureMatch9.1r3
OR
ivanticonnect_secureMatch9.1r3.0
OR
ivanticonnect_secureMatch9.1r4
OR
ivanticonnect_secureMatch9.1r4.0
OR
ivanticonnect_secureMatch9.1r4.1
OR
ivanticonnect_secureMatch9.1r4.2
OR
ivanticonnect_secureMatch9.1r4.3
OR
ivanticonnect_secureMatch9.1r5
OR
ivanticonnect_secureMatch9.1r5.0
OR
ivanticonnect_secureMatch9.1r6
OR
ivanticonnect_secureMatch9.1r6.0
OR
ivanticonnect_secureMatch9.1r7
OR
ivanticonnect_secureMatch9.1r7.0
OR
ivanticonnect_secureMatch9.1r8
OR
ivanticonnect_secureMatch9.1r8.0
OR
ivanticonnect_secureMatch9.1r8.1
OR
ivanticonnect_secureMatch9.1r8.2
OR
ivanticonnect_secureMatch9.1r8.4
OR
ivanticonnect_secureMatch9.1r9
OR
ivanticonnect_secureMatch9.1r9.0
OR
ivanticonnect_secureMatch9.1r9.1
OR
ivanticonnect_secureMatch9.1r9.2
OR
ivanticonnect_secureMatch21.9r1
OR
ivanticonnect_secureMatch21.12r1
OR
ivanticonnect_secureMatch22.1r1
OR
ivanticonnect_secureMatch22.2-
OR
ivanticonnect_secureMatch22.2r1
OR
ivantineurons_for_zero-trust_accessMatch22.2r1
OR
ivantipolicy_secureRange<9.1
OR
ivantipolicy_secureMatch9.1-
OR
ivantipolicy_secureMatch9.1r1
OR
ivantipolicy_secureMatch9.1r10
OR
ivantipolicy_secureMatch9.1r11
OR
ivantipolicy_secureMatch9.1r12
OR
ivantipolicy_secureMatch9.1r13
OR
ivantipolicy_secureMatch9.1r13.1
OR
ivantipolicy_secureMatch9.1r14
OR
ivantipolicy_secureMatch9.1r15
OR
ivantipolicy_secureMatch9.1r16
OR
ivantipolicy_secureMatch9.1r2
OR
ivantipolicy_secureMatch9.1r3
OR
ivantipolicy_secureMatch9.1r3.1
OR
ivantipolicy_secureMatch9.1r4
OR
ivantipolicy_secureMatch9.1r4.1
OR
ivantipolicy_secureMatch9.1r4.2
OR
ivantipolicy_secureMatch9.1r5
OR
ivantipolicy_secureMatch9.1r6
OR
ivantipolicy_secureMatch9.1r7
OR
ivantipolicy_secureMatch9.1r8
OR
ivantipolicy_secureMatch9.1r8.1
OR
ivantipolicy_secureMatch9.1r8.2
OR
ivantipolicy_secureMatch9.1r9
OR
ivantipolicy_secureMatch22.1r1
OR
ivantipolicy_secureMatch22.2r1

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Neurons for Zero Trust Access Gateway",
    "versions": [
      {
        "version": "ICS Prior to 9.1R14.3,9.1R15.2,9.1R16.2 and 22.2R4 and 22.2R1, IPS Prior to 9.1R17 and 22.3R1, Ivanti Neurons for Zero Trust Access Gateway Prior to 22.3R1",
        "status": "affected"
      }
    ]
  }
]

Related

prion 1
cvelist 1
nvd 1
prion
prion
Code injection
2022-12-05 22:15:00
cvelist
cvelist
CVE-2022-35254
2022-12-05 00:00:00
nvd
nvd
CVE-2022-35254
2022-12-05 22:15:10

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

40.3%

JSON
Related for CVE-2022-35254
prion1cvelist1nvd1