CVE-2022-35258

CVSS V2 None CVSS V3 None

Description

An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.

Overview

CVE ID
CVE-2022-35258

Assigner
support@hackerone.com

Vulnerability Status
Analyzed

Published Version
2022-12-05T22:15:10

Last Modified Date
2022-12-09T00:33:47

Weakness Enumerations

CWE	URL
CWE-682	http://cwe.mitre.org/data/definitions/682.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version End
cpe:2.3:a:ivanti:connect_secure::::::::	1	OR	9.1
cpe:2.3:a:ivanti:connect_secure:9.1:r15::::::	1	OR
cpe:2.3:a:ivanti:connect_secure:9.1:r16::::::	1	OR
cpe:2.3:a:ivanti:connect_secure:9.1:r16.1::::::	1	OR
cpe:2.3:a:ivanti:connect_secure:21.9:r1::::::	1	OR
cpe:2.3:a:ivanti:connect_secure:21.12:r1::::::	1	OR
cpe:2.3:a:ivanti:connect_secure:22.1:r1::::::	1	OR
cpe:2.3:a:ivanti:connect_secure:22.2:-::::::	1	OR
cpe:2.3:a:ivanti:connect_secure:22.2:r1::::::	1	OR
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.2:r1::::::	1	OR
cpe:2.3:a:ivanti:policy_secure::::::::	1	OR	9.1
cpe:2.3:a:ivanti:policy_secure:9.1:r15::::::	1	OR
cpe:2.3:a:ivanti:policy_secure:9.1:r16::::::	1	OR
cpe:2.3:a:ivanti:policy_secure:22.1:r1::::::	1	OR
cpe:2.3:a:ivanti:policy_secure:22.2:r1::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:-::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r1::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r1.0::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r10.0::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r10.2::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r11.0::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r11.1::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r11.3::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r11.4::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r11.5::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r12::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r12.1::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r12.2::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r13::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r13.1::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r14::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r2::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r2.0::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r3::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r3.0::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r4::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r4.0::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r4.1::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r4.2::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r4.3::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r5::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r5.0::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r6::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r6.0::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r7::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r7.0::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r8::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r8.0::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r8.1::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r8.2::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r8.4::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r9::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r9.0::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r9.1::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r9.2::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:-::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r1::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r10::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r11::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r12::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r13::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r13.1::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r14::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r2::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r3::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r3.1::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r4::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r4.1::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r4.2::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r5::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r6::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r7::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r8::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r8.1::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r8.2::::::	1	OR
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r9::::::	1	OR

References

Reference URL	Reference Tags
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA45520/?kA23Z000000GH5OSAW

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2022-35258
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35258

History

Created	Old Value	New Value	Data Type	Notes
2022-12-07 18:06:38				Added to TrackCVE
2022-12-07 18:15:32	2022-12-05T22:15:10.627	2022-12-05T22:15:10	CVE Published Date	updated
2022-12-07 18:15:32		2022-12-05T23:40:11	CVE Modified Date	updated
2022-12-07 18:15:32	Awaiting Analysis	Undergoing Analysis	Vulnerability Status	updated
2022-12-09 01:14:36		2022-12-09T00:33:47	CVE Modified Date	updated
2022-12-09 01:14:36	Undergoing Analysis	Analyzed	Vulnerability Status	updated
2022-12-09 01:14:36		CWE-682	Weakness Enumeration	new
2022-12-09 01:14:39			CPE Information	updated