PT-2022-22661 · Ivanti · Ivanti Policy Secure+2
Published
2022-12-05
·
Updated
2024-02-27
·
CVE-2022-35254
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Ivanti Connect Secure versions prior to 9.1R14.3
Ivanti Connect Secure versions prior to 9.1R15.2
Ivanti Connect Secure versions prior to 9.1R16.2
Ivanti Connect Secure versions prior to 22.2R4
Ivanti Policy Secure versions prior to 9.1R17
Ivanti Policy Secure versions prior to 22.3R1
Ivanti Neurons for Zero-Trust Access versions prior to 22.3R1
Description
An unauthenticated attacker can cause a denial-of-service.
Recommendations
For Ivanti Connect Secure versions prior to 9.1R14.3, update to version 9.1R14.3 or later.
For Ivanti Connect Secure versions prior to 9.1R15.2, update to version 9.1R15.2 or later.
For Ivanti Connect Secure versions prior to 9.1R16.2, update to version 9.1R16.2 or later.
For Ivanti Connect Secure versions prior to 22.2R4, update to version 22.2R4 or later.
For Ivanti Policy Secure versions prior to 9.1R17, update to version 9.1R17 or later.
For Ivanti Policy Secure versions prior to 22.3R1, update to version 22.3R1 or later.
For Ivanti Neurons for Zero-Trust Access versions prior to 22.3R1, update to version 22.3R1 or later.
Fix
DoS
Resource Exhaustion
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Ivanti Connect Secure
Ivanti Neurons For Zero-Trust Access
Ivanti Policy Secure