CVE-2022-35254

An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.

CVSS v3.0 7.5 HIGH

7.5^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA45520/?kA23Z000000GH5OSAW	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r5::::::
	cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r6::::::
	cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r7::::::
	cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:-::::::
	cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r1::::::
	cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r2::::::
	cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r3::::::
	cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r4::::::
	cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r4.1::::::
	cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r4.2::::::
	cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r4.3::::::
	cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r8::::::
	cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r8.1::::::
	cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r8.2::::::
	cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:-::::::
	cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r1::::::
	cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r2::::::
	cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r3::::::
	cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r3.1::::::
	cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r4::::::
	cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r4.1::::::
	cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r4.2::::::
	cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r5::::::
	cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r6::::::
	cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r7::::::
	cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r8::::::
	cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r8.1::::::
	cpe:2.3:a:ivanti:connect_secure::::::::
	cpe:2.3:a:ivanti:policy_secure::::::::
	cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r1.0::::::
	cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r10.0::::::
	cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r10.2::::::
	cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r11.0::::::
	cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r11.1::::::
	cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r11.3::::::
	cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r11.4::::::
	cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r12::::::
	cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r12.1::::::
	cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r12.2::::::
	cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r13::::::
	cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r2.0::::::
	cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r3.0::::::
	cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r4.0::::::
	cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r5.0::::::
	cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r6.0::::::
	cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r7.0::::::
	cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r8.0::::::
	cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r8.4::::::
	cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r9::::::
	cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r9.0::::::
	cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r9.1::::::
	cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r9.2::::::
	cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r11.5::::::
	cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r13.1::::::
	cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r14::::::
	cpe:2.3:a:ivanti:connect_secure:22.1:r1::::::
	cpe:2.3:a:ivanti:connect_secure:22.2:r1::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r16.1::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r16::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r15::::::
	cpe:2.3:a:ivanti:connect_secure:21.9:r1::::::
	cpe:2.3:a:ivanti:connect_secure:21.12:r1::::::
	cpe:2.3:a:ivanti:connect_secure:22.2:-::::::
	cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.2:r1::::::
cpe:2.3:a:ivanti:policy_secure:22.2:r1::::::
cpe:2.3:a:ivanti:policy_secure:22.1:r1::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r15::::::
cpe:2.3:a:ivanti:policy_secure:9.1:r16::::::
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r8.2::::::
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r14::::::
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r13::::::
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r13.1::::::
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r12::::::
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r11::::::
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r10::::::
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r9::::::

Information

Published : 2022-12-05 14:15

Updated : 2022-12-08 11:20

NVD link : CVE-2022-35254

Mitre link : CVE-2022-35254

JSON object : View

CWE

CWE-400

Uncontrolled Resource Consumption

Products Affected

pulsesecure

pulse_policy_secure
pulse_connect_secure

ivanti

neurons_for_zero-trust_access
connect_secure
policy_secure

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA45520/?kA23Z000000GH5OSAW", "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA45520/?kA23Z000000GH5OSAW", "tags": ["Third Party Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-400"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-35254", "ASSIGNER": "cve-assignments@hackerone.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}}, "publishedDate": "2022-12-05T22:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r4.1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r4.2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r4.3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r8:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r8.1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r8.2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r3.1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r4.1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r4.2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r8:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r8.1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "9.1"}, {"cpe23Uri": "cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "9.1"}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r1.0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r10.0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r10.2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r11.0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r11.1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r11.3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r11.4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r12:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r12.1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r12.2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r13:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r2.0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r3.0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r4.0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r5.0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r6.0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r7.0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r8.0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r8.4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r9:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r9.0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r9.1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r9.2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r11.5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r13.1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r14:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ivanti:connect_secure:22.1:r1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ivanti:connect_secure:22.2:r1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ivanti:connect_secure:9.1:r16.1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ivanti:connect_secure:9.1:r16:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ivanti:connect_secure:9.1:r15:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ivanti:connect_secure:21.9:r1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ivanti:connect_secure:21.12:r1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ivanti:connect_secure:22.2:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.2:r1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ivanti:policy_secure:22.2:r1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ivanti:policy_secure:22.1:r1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ivanti:policy_secure:9.1:r15:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ivanti:policy_secure:9.1:r16:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r8.2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r14:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r13:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r13.1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r12:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r11:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r10:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pulsesecure:pulse_policy_secure:9.1:r9:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-12-08T19:20Z"}

7.5 /10