CVE-2022-35258

EPSS 0.71%
Published 05.12.2022 22:15:10
Last modified 21.11.2024 07:10:59
Source support@hackerone.com
Teams watchlist Login
Open Login

An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.

Affected products Warnungen 0 Metrics 2 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Ivanti ≫ Connect Secure Version < 9.1

Ivanti ≫ Connect Secure Version9.1 Update-

Ivanti ≫ Connect Secure Version9.1 Updater1

Ivanti ≫ Connect Secure Version9.1 Updater1.0

Ivanti ≫ Connect Secure Version9.1 Updater10.0

Ivanti ≫ Connect Secure Version9.1 Updater10.2

Ivanti ≫ Connect Secure Version9.1 Updater11.0

Ivanti ≫ Connect Secure Version9.1 Updater11.1

Ivanti ≫ Connect Secure Version9.1 Updater11.3

Ivanti ≫ Connect Secure Version9.1 Updater11.4

Ivanti ≫ Connect Secure Version9.1 Updater11.5

Ivanti ≫ Connect Secure Version9.1 Updater12

Ivanti ≫ Connect Secure Version9.1 Updater12.1

Ivanti ≫ Connect Secure Version9.1 Updater12.2

Ivanti ≫ Connect Secure Version9.1 Updater13

Ivanti ≫ Connect Secure Version9.1 Updater13.1

Ivanti ≫ Connect Secure Version9.1 Updater14

Ivanti ≫ Connect Secure Version9.1 Updater15

Ivanti ≫ Connect Secure Version9.1 Updater16

Ivanti ≫ Connect Secure Version9.1 Updater16.1

Ivanti ≫ Connect Secure Version9.1 Updater2

Ivanti ≫ Connect Secure Version9.1 Updater2.0

Ivanti ≫ Connect Secure Version9.1 Updater3

Ivanti ≫ Connect Secure Version9.1 Updater3.0

Ivanti ≫ Connect Secure Version9.1 Updater4

Ivanti ≫ Connect Secure Version9.1 Updater4.0

Ivanti ≫ Connect Secure Version9.1 Updater4.1

Ivanti ≫ Connect Secure Version9.1 Updater4.2

Ivanti ≫ Connect Secure Version9.1 Updater4.3

Ivanti ≫ Connect Secure Version9.1 Updater5

Ivanti ≫ Connect Secure Version9.1 Updater5.0

Ivanti ≫ Connect Secure Version9.1 Updater6

Ivanti ≫ Connect Secure Version9.1 Updater6.0

Ivanti ≫ Connect Secure Version9.1 Updater7

Ivanti ≫ Connect Secure Version9.1 Updater7.0

Ivanti ≫ Connect Secure Version9.1 Updater8

Ivanti ≫ Connect Secure Version9.1 Updater8.0

Ivanti ≫ Connect Secure Version9.1 Updater8.1

Ivanti ≫ Connect Secure Version9.1 Updater8.2

Ivanti ≫ Connect Secure Version9.1 Updater8.4

Ivanti ≫ Connect Secure Version9.1 Updater9

Ivanti ≫ Connect Secure Version9.1 Updater9.0

Ivanti ≫ Connect Secure Version9.1 Updater9.1

Ivanti ≫ Connect Secure Version9.1 Updater9.2

Ivanti ≫ Connect Secure Version21.9 Updater1

Ivanti ≫ Connect Secure Version21.12 Updater1

Ivanti ≫ Connect Secure Version22.1 Updater1

Ivanti ≫ Connect Secure Version22.2 Update-

Ivanti ≫ Connect Secure Version22.2 Updater1

Ivanti ≫ Neurons For Zero-trust Access Version22.2 Updater1

Ivanti ≫ Policy Secure Version < 9.1

Ivanti ≫ Policy Secure Version9.1 Update-

Ivanti ≫ Policy Secure Version9.1 Updater1

Ivanti ≫ Policy Secure Version9.1 Updater10

Ivanti ≫ Policy Secure Version9.1 Updater11

Ivanti ≫ Policy Secure Version9.1 Updater12

Ivanti ≫ Policy Secure Version9.1 Updater13

Ivanti ≫ Policy Secure Version9.1 Updater13.1

Ivanti ≫ Policy Secure Version9.1 Updater14

Ivanti ≫ Policy Secure Version9.1 Updater15

Ivanti ≫ Policy Secure Version9.1 Updater16

Ivanti ≫ Policy Secure Version9.1 Updater2

Ivanti ≫ Policy Secure Version9.1 Updater3

Ivanti ≫ Policy Secure Version9.1 Updater3.1

Ivanti ≫ Policy Secure Version9.1 Updater4

Ivanti ≫ Policy Secure Version9.1 Updater4.1

Ivanti ≫ Policy Secure Version9.1 Updater4.2

Ivanti ≫ Policy Secure Version9.1 Updater5

Ivanti ≫ Policy Secure Version9.1 Updater6

Ivanti ≫ Policy Secure Version9.1 Updater7

Ivanti ≫ Policy Secure Version9.1 Updater8

Ivanti ≫ Policy Secure Version9.1 Updater8.1

Ivanti ≫ Policy Secure Version9.1 Updater8.2

Ivanti ≫ Policy Secure Version9.1 Updater9

Ivanti ≫ Policy Secure Version22.1 Updater1

Ivanti ≫ Policy Secure Version22.2 Updater1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.71%	0.716

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-128 Wrap-around Error

Wrap around errors occur whenever a value is incremented past the maximum value for its type and therefore "wraps around" to a very small, negative, or undefined value.

CWE-682 Incorrect Calculation

The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA45520/?kA23Z000000GH5OSAW

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-35258

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-35258

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-35258

EUVD