CVE-2022-35254
published 2022-12-05CVE-2022-35254: An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2…
PriorityP343high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
2.51%
82.8th percentile
An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | connect_secure | < 9.1 | 9.1 |
| ivanti | connect_secure | — | — |
| ivanti | connect_secure | — | — |
| ivanti | connect_secure | — | — |
| ivanti | connect_secure | — | — |
| ivanti | connect_secure | — | — |
| ivanti | neurons_for_zero-trust_access | — | — |
| ivanti | policy_secure | < 9.1 | 9.1 |
| ivanti | policy_secure | — | — |
| ivanti | policy_secure | — | — |
| ivanti | policy_secure | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-5g77-9q59-93h8: An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9
ghsa_unreviewed·2022-12-06
CVE-2022-35254 [HIGH] CWE-400 GHSA-5g77-9q59-93h8: An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9
An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.
Ivanti
Ivanti Security Advisory: CVE-2022-35254
vendor_ivanti·2022-12-05·CVSS 7.5
CVE-2022-35254 [HIGH] CWE-400 Ivanti Security Advisory: CVE-2022-35254
Ivanti Security Advisory: CVE-2022-35254
An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.
CVE IDs: CVE-2022-35254
CVSS Base Score: 7.5
Severity: HIGH
CWEs: CWE-400, CWE-416
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-12-05
Published