CVE-2022-35258 : An unauthenticated attacker can cause a denial-of-service to the following produ

An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.

Published 2022-12-05 22:15:11

Updated 2024-02-27 21:04:18

Source HackerOne

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2022-35258

Ivanti » Connect Secure
Versions before (<) 9.1
cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 22.1 Update R1
cpe:2.3:a:ivanti:connect_secure:22.1:r1:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 22.2 Update R1
cpe:2.3:a:ivanti:connect_secure:22.2:r1:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 9.1 Update R16.1
cpe:2.3:a:ivanti:connect_secure:9.1:r16.1:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 9.1 Update R16
cpe:2.3:a:ivanti:connect_secure:9.1:r16:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 9.1 Update R15
cpe:2.3:a:ivanti:connect_secure:9.1:r15:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 21.9 Update R1
cpe:2.3:a:ivanti:connect_secure:21.9:r1:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 21.12 Update R1
cpe:2.3:a:ivanti:connect_secure:21.12:r1:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 22.2
cpe:2.3:a:ivanti:connect_secure:22.2:-:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 9.1 Update R1
cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 9.1 Update R11.3
cpe:2.3:a:ivanti:connect_secure:9.1:r11.3:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 9.1 Update R11.4
cpe:2.3:a:ivanti:connect_secure:9.1:r11.4:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 9.1 Update R11.5
cpe:2.3:a:ivanti:connect_secure:9.1:r11.5:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 9.1 Update R12
cpe:2.3:a:ivanti:connect_secure:9.1:r12:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 9.1 Update R12.1
cpe:2.3:a:ivanti:connect_secure:9.1:r12.1:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 9.1 Update R13
cpe:2.3:a:ivanti:connect_secure:9.1:r13:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 9.1 Update R13.1
cpe:2.3:a:ivanti:connect_secure:9.1:r13.1:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 9.1 Update R14
cpe:2.3:a:ivanti:connect_secure:9.1:r14:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 9.1 Update R2
cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 9.1 Update R3
cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 9.1 Update R4
cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 9.1 Update R4.1
cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 9.1 Update R4.2
cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 9.1 Update R4.3
cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 9.1 Update R5
cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 9.1 Update R6
cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 9.1 Update R7
cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 9.1 Update R8
cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 9.1 Update R8.1
cpe:2.3:a:ivanti:connect_secure:9.1:r8.1:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 9.1 Update R8.2
cpe:2.3:a:ivanti:connect_secure:9.1:r8.2:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 9.1 Update R9
cpe:2.3:a:ivanti:connect_secure:9.1:r9:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 9.1 Update R9.1
cpe:2.3:a:ivanti:connect_secure:9.1:r9.1:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 9.1
cpe:2.3:a:ivanti:connect_secure:9.1:-:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 9.1 Update R10.0
cpe:2.3:a:ivanti:connect_secure:9.1:r10.0:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 9.1 Update R10.2
cpe:2.3:a:ivanti:connect_secure:9.1:r10.2:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 9.1 Update R11.0
cpe:2.3:a:ivanti:connect_secure:9.1:r11.0:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 9.1 Update R11.1
cpe:2.3:a:ivanti:connect_secure:9.1:r11.1:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 9.1 Update R8.4
cpe:2.3:a:ivanti:connect_secure:9.1:r8.4:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 9.1 Update R9.2
cpe:2.3:a:ivanti:connect_secure:9.1:r9.2:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 9.1 Update R1.0
cpe:2.3:a:ivanti:connect_secure:9.1:r1.0:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 9.1 Update R2.0
cpe:2.3:a:ivanti:connect_secure:9.1:r2.0:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 9.1 Update R3.0
cpe:2.3:a:ivanti:connect_secure:9.1:r3.0:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 9.1 Update R4.0
cpe:2.3:a:ivanti:connect_secure:9.1:r4.0:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 9.1 Update R5.0
cpe:2.3:a:ivanti:connect_secure:9.1:r5.0:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 9.1 Update R6.0
cpe:2.3:a:ivanti:connect_secure:9.1:r6.0:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 9.1 Update R7.0
cpe:2.3:a:ivanti:connect_secure:9.1:r7.0:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 9.1 Update R8.0
cpe:2.3:a:ivanti:connect_secure:9.1:r8.0:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 9.1 Update R9.0
cpe:2.3:a:ivanti:connect_secure:9.1:r9.0:*:*:*:*:*:*
Matching versions
Ivanti » Connect Secure » Version: 9.1 Update R12.2
cpe:2.3:a:ivanti:connect_secure:9.1:r12.2:*:*:*:*:*:*
Matching versions
Ivanti » Policy Secure
Versions before (<) 9.1
cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:*
Matching versions
Ivanti » Policy Secure » Version: 22.2 Update R1
cpe:2.3:a:ivanti:policy_secure:22.2:r1:*:*:*:*:*:*
Matching versions
Ivanti » Policy Secure » Version: 22.1 Update R1
cpe:2.3:a:ivanti:policy_secure:22.1:r1:*:*:*:*:*:*
Matching versions
Ivanti » Policy Secure » Version: 9.1 Update R15
cpe:2.3:a:ivanti:policy_secure:9.1:r15:*:*:*:*:*:*
Matching versions
Ivanti » Policy Secure » Version: 9.1 Update R16
cpe:2.3:a:ivanti:policy_secure:9.1:r16:*:*:*:*:*:*
Matching versions
Ivanti » Policy Secure » Version: 9.1 Update R1
cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*
Matching versions
Ivanti » Policy Secure » Version: 9.1 Update R10
cpe:2.3:a:ivanti:policy_secure:9.1:r10:*:*:*:*:*:*
Matching versions
Ivanti » Policy Secure » Version: 9.1 Update R11
cpe:2.3:a:ivanti:policy_secure:9.1:r11:*:*:*:*:*:*
Matching versions
Ivanti » Policy Secure » Version: 9.1 Update R12
cpe:2.3:a:ivanti:policy_secure:9.1:r12:*:*:*:*:*:*
Matching versions
Ivanti » Policy Secure » Version: 9.1 Update R13
cpe:2.3:a:ivanti:policy_secure:9.1:r13:*:*:*:*:*:*
Matching versions
Ivanti » Policy Secure » Version: 9.1 Update R13.1
cpe:2.3:a:ivanti:policy_secure:9.1:r13.1:*:*:*:*:*:*
Matching versions
Ivanti » Policy Secure » Version: 9.1 Update R14
cpe:2.3:a:ivanti:policy_secure:9.1:r14:*:*:*:*:*:*
Matching versions
Ivanti » Policy Secure » Version: 9.1 Update R2
cpe:2.3:a:ivanti:policy_secure:9.1:r2:*:*:*:*:*:*
Matching versions
Ivanti » Policy Secure » Version: 9.1 Update R3
cpe:2.3:a:ivanti:policy_secure:9.1:r3:*:*:*:*:*:*
Matching versions
Ivanti » Policy Secure » Version: 9.1 Update R3.1
cpe:2.3:a:ivanti:policy_secure:9.1:r3.1:*:*:*:*:*:*
Matching versions
Ivanti » Policy Secure » Version: 9.1 Update R4
cpe:2.3:a:ivanti:policy_secure:9.1:r4:*:*:*:*:*:*
Matching versions
Ivanti » Policy Secure » Version: 9.1 Update R4.1
cpe:2.3:a:ivanti:policy_secure:9.1:r4.1:*:*:*:*:*:*
Matching versions
Ivanti » Policy Secure » Version: 9.1 Update R4.2
cpe:2.3:a:ivanti:policy_secure:9.1:r4.2:*:*:*:*:*:*
Matching versions
Ivanti » Policy Secure » Version: 9.1 Update R5
cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:*
Matching versions
Ivanti » Policy Secure » Version: 9.1 Update R6
cpe:2.3:a:ivanti:policy_secure:9.1:r6:*:*:*:*:*:*
Matching versions
Ivanti » Policy Secure » Version: 9.1 Update R7
cpe:2.3:a:ivanti:policy_secure:9.1:r7:*:*:*:*:*:*
Matching versions
Ivanti » Policy Secure » Version: 9.1 Update R8
cpe:2.3:a:ivanti:policy_secure:9.1:r8:*:*:*:*:*:*
Matching versions
Ivanti » Policy Secure » Version: 9.1 Update R8.1
cpe:2.3:a:ivanti:policy_secure:9.1:r8.1:*:*:*:*:*:*
Matching versions
Ivanti » Policy Secure » Version: 9.1 Update R8.2
cpe:2.3:a:ivanti:policy_secure:9.1:r8.2:*:*:*:*:*:*
Matching versions
Ivanti » Policy Secure » Version: 9.1 Update R9
cpe:2.3:a:ivanti:policy_secure:9.1:r9:*:*:*:*:*:*
Matching versions
Ivanti » Policy Secure » Version: 9.1
cpe:2.3:a:ivanti:policy_secure:9.1:-:*:*:*:*:*:*
Matching versions
Ivanti » Neurons For Zero-trust Access » Version: 22.2 Update R1
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.2:r1:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2022-35258

EPSS FAQ

1.25%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 77 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-35258

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2022-35258

CWE-128 Wrap-around Error

Wrap around errors occur whenever a value is incremented past the maximum value for its type and therefore "wraps around" to a very small, negative, or undefined value.

Assigned by: support@hackerone.com (Secondary)
CWE-682 Incorrect Calculation

The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2022-35258

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA45520/?kA23Z000000GH5OSAW

Pulse Security Advisory: SA45520 - CVE's (CVE-2022-35254,CVE-2022-35258) may lead to DoS attack
Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2022-35258

Products affected by CVE-2022-35258

Exploit prediction scoring system (EPSS) score for CVE-2022-35258

CVSS scores for CVE-2022-35258

CWE ids for CVE-2022-35258

References for CVE-2022-35258