All the vulnerabilites related to ivanti - neurons_for_zero-trust_access
Vulnerability from fkie_nvd
Published
2025-01-08 23:15
Modified
2025-01-14 15:59
Severity ?
9.0 (Critical) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
9.0 (Critical) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
9.0 (Critical) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day | Exploit, Technical Description | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/cisa-mitigation-instructions-cve-2025-0282 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ivanti | connect_secure | 22.7 | |
| ivanti | connect_secure | 22.7 | |
| ivanti | connect_secure | 22.7 | |
| ivanti | connect_secure | 22.7 | |
| ivanti | connect_secure | 22.7 | |
| ivanti | neurons_for_zero-trust_access | 22.7 | |
| ivanti | neurons_for_zero-trust_access | 22.7 | |
| ivanti | neurons_for_zero-trust_access | 22.7 | |
| ivanti | policy_secure | 22.7 | |
| ivanti | policy_secure | 22.7 | |
| ivanti | policy_secure | 22.7 |
{
"cisaActionDue": "2025-01-15",
"cisaExploitAdd": "2025-01-08",
"cisaRequiredAction": "Apply mitigations as set forth in the CISA instructions linked below to include conducting hunt activities, taking remediation actions if applicable, and applying updates prior to returning a device to service.",
"cisaVulnerabilityName": "Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2:*:*:*:*:*:*",
"matchCriteriaId": "247E71F8-A03B-4097-B7BF-09F8BF3ED4D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.1:*:*:*:*:*:*",
"matchCriteriaId": "E0059C69-4A18-4153-9D9A-5C1B03AD1453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.2:*:*:*:*:*:*",
"matchCriteriaId": "FC523C88-115E-4CD9-A8CB-AE6E6610F7D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.3:*:*:*:*:*:*",
"matchCriteriaId": "3447428E-DBCD-4553-B51D-AC08ECAFD881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.4:*:*:*:*:*:*",
"matchCriteriaId": "A08BAF98-7F05-4596-8BFC-91F1A79D3BD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r2:*:*:*:*:*:*",
"matchCriteriaId": "67D43D1D-564D-4ACD-B0FF-3828B95E9864",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r2.2:*:*:*:*:*:*",
"matchCriteriaId": "BC8480E0-17C0-4590-950F-D3954E735365",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r2.3:*:*:*:*:*:*",
"matchCriteriaId": "3FAF4FB0-A88C-4A87-B6CB-32EF7B415885",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:r1:*:*:*:*:*:*",
"matchCriteriaId": "FD9BE8C2-43EB-4870-A4B7-267CB17A19F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:r1.1:*:*:*:*:*:*",
"matchCriteriaId": "C8915BB2-C1C0-4189-A847-DDB2EF161D62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:r1.2:*:*:*:*:*:*",
"matchCriteriaId": "8D24A8DB-D697-4C60-935D-B08EE36861CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer basado en pila en Ivanti Connect Secure anterior a la versi\u00f3n 22.7R2.5, Ivanti Policy Secure anterior a la versi\u00f3n 22.7R1.2 e Ivanti Neurons para puertas de enlace ZTA anteriores a la versi\u00f3n 22.7R2.3 permite que un atacante remoto no autenticado logre la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"id": "CVE-2025-0282",
"lastModified": "2025-01-14T15:59:38.157",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 6.0,
"source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-01-08T23:15:09.763",
"references": [
{
"source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description"
],
"url": "https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/cisa-mitigation-instructions-cve-2025-0282"
}
],
"sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-05 22:15
Modified
2024-11-21 07:10
Severity ?
Summary
An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3281AC31-EAEC-4C8D-A0AA-3CDD1092D3EE",
"versionEndExcluding": "9.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:-:*:*:*:*:*:*",
"matchCriteriaId": "4F450898-0B06-4073-9B76-BF22F68BD14F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "4B21C181-DC49-4EBD-9932-DBB337151FF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r1.0:*:*:*:*:*:*",
"matchCriteriaId": "130C8955-BDA4-4518-8EBA-740EB08FC3E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r10.0:*:*:*:*:*:*",
"matchCriteriaId": "5AA4B39F-2FB9-4752-B1F1-18812B0990B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r10.2:*:*:*:*:*:*",
"matchCriteriaId": "232BAB6C-D318-4F80-8F49-4E700C21F535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.0:*:*:*:*:*:*",
"matchCriteriaId": "ABD840BF-944E-4F4C-96DC-0256286338F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.1:*:*:*:*:*:*",
"matchCriteriaId": "A1995F34-AE75-47C4-9A9D-DBB1D3E130E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.3:*:*:*:*:*:*",
"matchCriteriaId": "366EF5B8-0233-49B8-806A-E54F60410ADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.4:*:*:*:*:*:*",
"matchCriteriaId": "6F2A7F5C-1D78-4D19-B8ED-5822FDF5DA63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.5:*:*:*:*:*:*",
"matchCriteriaId": "2DDDA231-2A5E-4C70-8620-535C7F9027A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r12:*:*:*:*:*:*",
"matchCriteriaId": "32E0B425-A9BA-4D00-84A9-46268072D696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r12.1:*:*:*:*:*:*",
"matchCriteriaId": "BBC724E8-195B-4CB4-AC2A-63E184AED4F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r12.2:*:*:*:*:*:*",
"matchCriteriaId": "7162C24D-D181-49CC-B8C2-9EE3E0CDF846",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r13:*:*:*:*:*:*",
"matchCriteriaId": "65435A96-EF7A-439A-AA6C-CB7EAEF0A963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r13.1:*:*:*:*:*:*",
"matchCriteriaId": "3027A9CE-849E-4CAE-A1C4-170DEAF4FE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r14:*:*:*:*:*:*",
"matchCriteriaId": "C132BA26-BCA0-43E6-9511-34ACFFA136A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r15:*:*:*:*:*:*",
"matchCriteriaId": "CE228FBD-5AD1-4BC6-AF63-5248E671B04F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r16:*:*:*:*:*:*",
"matchCriteriaId": "44C26423-8621-4F6D-A45B-0A6B6E873AB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r16.1:*:*:*:*:*:*",
"matchCriteriaId": "BC391EB5-C457-459C-8EAA-EA0043487C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "4FEFC4B1-7350-46F9-80C1-42F5AE06142F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r2.0:*:*:*:*:*:*",
"matchCriteriaId": "4E2D041D-9BDD-416D-B658-1C517C854104",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "DB7A6D62-6576-4713-9BF4-11068A72E8B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r3.0:*:*:*:*:*:*",
"matchCriteriaId": "7155EB34-E8E0-49AF-BDA2-FB4BFA44662E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*",
"matchCriteriaId": "843BC1B9-50CC-4F8F-A454-A0CEC6E92290",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.0:*:*:*:*:*:*",
"matchCriteriaId": "25EE614A-5F32-4CA9-998A-4FAF16DC100C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*",
"matchCriteriaId": "D5355372-03EA-46D7-9104-A2785C29B664",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*",
"matchCriteriaId": "3DE32A0C-8944-4F51-A286-266055CA4B2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*",
"matchCriteriaId": "0349A0CC-A372-4E51-899E-D7BA67876F4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*",
"matchCriteriaId": "93D1A098-BD77-4A7B-9070-A764FB435981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r5.0:*:*:*:*:*:*",
"matchCriteriaId": "F49EE829-A2CD-491E-BFC3-7888491D7C58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*",
"matchCriteriaId": "3CCC2D7B-F835-45EC-A316-2F0C5F2CF565",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r6.0:*:*:*:*:*:*",
"matchCriteriaId": "2254DDF1-7FF3-49E1-8826-91F49A6794F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*",
"matchCriteriaId": "AD812596-C77C-4129-982F-C22A25B52126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r7.0:*:*:*:*:*:*",
"matchCriteriaId": "B8EA4DA8-CD09-41AC-ADCB-27CF771C016B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:*",
"matchCriteriaId": "9FA0B20D-3FA1-42AE-BDC5-93D8A182927C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8.0:*:*:*:*:*:*",
"matchCriteriaId": "4D6CECCB-18BA-4219-95A2-2525A2BDCE36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8.1:*:*:*:*:*:*",
"matchCriteriaId": "BFFA0B02-7F6D-4434-B1E7-EB8520FD68A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8.2:*:*:*:*:*:*",
"matchCriteriaId": "DFE8FA87-9622-4D5B-99C7-D8EE230C0AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8.4:*:*:*:*:*:*",
"matchCriteriaId": "07AB853D-5A3F-4142-8417-1C9FB729A89E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r9:*:*:*:*:*:*",
"matchCriteriaId": "16DAA769-8F0D-4C54-A8D9-9902995605B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r9.0:*:*:*:*:*:*",
"matchCriteriaId": "B7006C07-0E3F-4890-A1B3-533E10924D49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r9.1:*:*:*:*:*:*",
"matchCriteriaId": "B2C10C89-1DBC-4E91-BD28-D5097B589CA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r9.2:*:*:*:*:*:*",
"matchCriteriaId": "F54753D0-6275-4F82-B874-55438D2983B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:21.9:r1:*:*:*:*:*:*",
"matchCriteriaId": "BD52B87C-4BED-44AE-A959-A316DAF895EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:21.12:r1:*:*:*:*:*:*",
"matchCriteriaId": "8CA29F12-36DE-4FBF-9EE7-7CE4B75AFA61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "80C56782-273A-4151-BE81-13FEEFE46A6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.2:-:*:*:*:*:*:*",
"matchCriteriaId": "361FAA47-52FF-4B36-96B0-9C178A4E031B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "BCBF6DD0-2826-4E61-8FB6-DB489EBF8981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "24514B40-540E-45D7-90DC-BCC1D9D7E92C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "368E8A56-50E4-4400-8C18-B7426B112FFC",
"versionEndExcluding": "9.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:-:*:*:*:*:*:*",
"matchCriteriaId": "6418A649-3A63-40CC-BD7C-309B3B0B2595",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "A07B66E0-A679-4912-8CB1-CD134713EDC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r10:*:*:*:*:*:*",
"matchCriteriaId": "BF767F07-2E9F-4099-829D-2F70E85D8A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r11:*:*:*:*:*:*",
"matchCriteriaId": "B994E22B-8FA5-4510-82F6-7820BDA7C307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r12:*:*:*:*:*:*",
"matchCriteriaId": "FE5C4ABC-2BEB-4741-95B3-303903369818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r13:*:*:*:*:*:*",
"matchCriteriaId": "D50C5526-F791-4C76-B5C0-DA2E1281C9E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r13.1:*:*:*:*:*:*",
"matchCriteriaId": "2CB8240E-7683-4C39-9654-4F8D1F682288",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r14:*:*:*:*:*:*",
"matchCriteriaId": "7A53C031-E7A5-47B6-BA4A-DD28432E743F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r15:*:*:*:*:*:*",
"matchCriteriaId": "4BEE355B-1C2D-4BEB-8922-EAEAA5A1FAE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r16:*:*:*:*:*:*",
"matchCriteriaId": "B90687F3-A5C1-4706-AD66-D78EE512E4C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "6D37A6E4-D58E-444D-AF6A-15461F38E81A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "FC2B9DA0-E32B-4125-9986-F0D3814C66E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r3.1:*:*:*:*:*:*",
"matchCriteriaId": "38A0D7CF-7D55-4933-AE8C-36006D6779E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4:*:*:*:*:*:*",
"matchCriteriaId": "C9A5BA3E-D6B3-453D-8DDF-FF16859FD0F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.1:*:*:*:*:*:*",
"matchCriteriaId": "BAFDA618-D15D-401D-AC68-0020259FEC57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.2:*:*:*:*:*:*",
"matchCriteriaId": "D55AB5F0-132F-4C40-BF4F-684E139B774B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:*",
"matchCriteriaId": "6BE937D2-8BEE-4E64-8738-F550EAD00F50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r6:*:*:*:*:*:*",
"matchCriteriaId": "9C753520-1BC6-4980-AFC9-4C2FDDF2FD18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r7:*:*:*:*:*:*",
"matchCriteriaId": "AC3863BC-3B9A-402B-A74A-149CDF717EC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r8:*:*:*:*:*:*",
"matchCriteriaId": "E3C09D51-FDA0-4D07-87D8-F527C8CBDAFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r8.1:*:*:*:*:*:*",
"matchCriteriaId": "CCE2E1C0-680F-4EFF-ACE6-A1DAFA209D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r8.2:*:*:*:*:*:*",
"matchCriteriaId": "7ED1686B-2D80-4ECF-9F7A-AEA989E17C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r9:*:*:*:*:*:*",
"matchCriteriaId": "092DA2A3-5CEF-433F-8E5B-4850E4095CC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "A385F38B-0B03-4B69-B7A1-952F5BAE727C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "34C118FB-7AE0-466C-822A-348A2F6016AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1."
},
{
"lang": "es",
"value": "Un atacante no autenticado puede provocar una Denegaci\u00f3n de Servicio (DoS) a los siguientes productos: \nIvanti Connect Secure (ICS) en versiones anteriores a 9.1R14.3, 9.1R15.2, 9.1R16.2 y 22.2R4, \nIvanti Policy Secure (IPS ) en versiones anteriores a 9.1R17 y 22.3R1,\ne Ivanti Neurons for Zero-Trust Access en versiones anteriores a 22.3R1."
}
],
"id": "CVE-2022-35258",
"lastModified": "2024-11-21T07:10:59.310",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-05T22:15:10.627",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA45520/?kA23Z000000GH5OSAW"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA45520/?kA23Z000000GH5OSAW"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-128"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-682"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-08 23:15
Modified
2025-01-14 15:58
Severity ?
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3281AC31-EAEC-4C8D-A0AA-3CDD1092D3EE",
"versionEndExcluding": "9.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C990BF25-46FA-491B-BED0-7C41F10EA49C",
"versionEndExcluding": "22.7",
"versionStartIncluding": "22.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:-:*:*:*:*:*:*",
"matchCriteriaId": "4F450898-0B06-4073-9B76-BF22F68BD14F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "4B21C181-DC49-4EBD-9932-DBB337151FF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r1.0:*:*:*:*:*:*",
"matchCriteriaId": "130C8955-BDA4-4518-8EBA-740EB08FC3E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r10:*:*:*:*:*:*",
"matchCriteriaId": "5A3A93FE-41BF-43F2-9EFC-89656182329F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r10.0:*:*:*:*:*:*",
"matchCriteriaId": "5AA4B39F-2FB9-4752-B1F1-18812B0990B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r10.2:*:*:*:*:*:*",
"matchCriteriaId": "232BAB6C-D318-4F80-8F49-4E700C21F535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11:*:*:*:*:*:*",
"matchCriteriaId": "8D5F47BA-DE6D-443D-95C3-A45F80EDC71E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.0:*:*:*:*:*:*",
"matchCriteriaId": "ABD840BF-944E-4F4C-96DC-0256286338F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.1:*:*:*:*:*:*",
"matchCriteriaId": "A1995F34-AE75-47C4-9A9D-DBB1D3E130E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.3:*:*:*:*:*:*",
"matchCriteriaId": "366EF5B8-0233-49B8-806A-E54F60410ADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.4:*:*:*:*:*:*",
"matchCriteriaId": "6F2A7F5C-1D78-4D19-B8ED-5822FDF5DA63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.5:*:*:*:*:*:*",
"matchCriteriaId": "2DDDA231-2A5E-4C70-8620-535C7F9027A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r12:*:*:*:*:*:*",
"matchCriteriaId": "32E0B425-A9BA-4D00-84A9-46268072D696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r12.1:*:*:*:*:*:*",
"matchCriteriaId": "BBC724E8-195B-4CB4-AC2A-63E184AED4F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r12.2:*:*:*:*:*:*",
"matchCriteriaId": "7162C24D-D181-49CC-B8C2-9EE3E0CDF846",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r13:*:*:*:*:*:*",
"matchCriteriaId": "65435A96-EF7A-439A-AA6C-CB7EAEF0A963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r13.1:*:*:*:*:*:*",
"matchCriteriaId": "3027A9CE-849E-4CAE-A1C4-170DEAF4FE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r14:*:*:*:*:*:*",
"matchCriteriaId": "C132BA26-BCA0-43E6-9511-34ACFFA136A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r14.4:*:*:*:*:*:*",
"matchCriteriaId": "06520C75-9326-4C21-8AD6-6DE1ED031959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r15:*:*:*:*:*:*",
"matchCriteriaId": "CE228FBD-5AD1-4BC6-AF63-5248E671B04F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r15.2:*:*:*:*:*:*",
"matchCriteriaId": "D7DBCD6B-B7AA-4AB0-852F-563A2EC85DB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r16:*:*:*:*:*:*",
"matchCriteriaId": "44C26423-8621-4F6D-A45B-0A6B6E873AB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r16.1:*:*:*:*:*:*",
"matchCriteriaId": "BC391EB5-C457-459C-8EAA-EA0043487C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r17:*:*:*:*:*:*",
"matchCriteriaId": "DB6CEA16-F422-48F1-9473-3931B1BFA63F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r17.1:*:*:*:*:*:*",
"matchCriteriaId": "E238AB9F-99C1-4F0D-B442-D390065D35D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r17.2:*:*:*:*:*:*",
"matchCriteriaId": "8971445A-D65F-4C0E-906F-7AC4953C5689",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r18:*:*:*:*:*:*",
"matchCriteriaId": "28FDE909-711C-41EC-8BA6-AC4DE05EA27E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r18.1:*:*:*:*:*:*",
"matchCriteriaId": "080CD832-3324-4158-A4CD-3A2E49B7BC74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r18.2:*:*:*:*:*:*",
"matchCriteriaId": "DB2B8165-E9D4-4549-B16E-A62810BDAF8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r18.3:*:*:*:*:*:*",
"matchCriteriaId": "014C7627-F211-48B1-80FA-3A7F608B4F23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r18.7:*:*:*:*:*:*",
"matchCriteriaId": "A5592C84-538C-47AB-8042-09B42D89BB0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r18.8:*:*:*:*:*:*",
"matchCriteriaId": "7DC6A046-F81C-4CBA-B06E-081AA550C91C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r18.9:*:*:*:*:*:*",
"matchCriteriaId": "95500536-B5FD-4373-BF78-FB17745EB5F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*",
"matchCriteriaId": "0349A0CC-A372-4E51-899E-D7BA67876F4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:*",
"matchCriteriaId": "9FA0B20D-3FA1-42AE-BDC5-93D8A182927C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:21.9:r1:*:*:*:*:*:*",
"matchCriteriaId": "BD52B87C-4BED-44AE-A959-A316DAF895EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:21.12:r1:*:*:*:*:*:*",
"matchCriteriaId": "8CA29F12-36DE-4FBF-9EE7-7CE4B75AFA61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "80C56782-273A-4151-BE81-13FEEFE46A6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.1:r6:*:*:*:*:*:*",
"matchCriteriaId": "6564FE9E-7D96-4226-8378-DAC25525CDD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:-:*:*:*:*:*:*",
"matchCriteriaId": "F788F6D9-5368-4B8E-BFA0-E8FB3CDADB01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1:*:*:*:*:*:*",
"matchCriteriaId": "2927A40D-E8A3-4DB6-9C93-04A6C6035C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.1:*:*:*:*:*:*",
"matchCriteriaId": "1399BBB4-E62B-4FF6-B9E3-6AAC68D4D583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.2:*:*:*:*:*:*",
"matchCriteriaId": "1EAD1423-4477-4C35-BF93-697A2C0697C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.3:*:*:*:*:*:*",
"matchCriteriaId": "858353BC-12CB-4014-BFCA-DA7B1B3DD4B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.4:*:*:*:*:*:*",
"matchCriteriaId": "865F72BF-57B2-4B0C-BACE-3500E0AE6751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.5:*:*:*:*:*:*",
"matchCriteriaId": "39E11407-E0C0-454F-B731-7DA4CBC696EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2:*:*:*:*:*:*",
"matchCriteriaId": "247E71F8-A03B-4097-B7BF-09F8BF3ED4D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.1:*:*:*:*:*:*",
"matchCriteriaId": "E0059C69-4A18-4153-9D9A-5C1B03AD1453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.2:*:*:*:*:*:*",
"matchCriteriaId": "FC523C88-115E-4CD9-A8CB-AE6E6610F7D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.3:*:*:*:*:*:*",
"matchCriteriaId": "3447428E-DBCD-4553-B51D-AC08ECAFD881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.4:*:*:*:*:*:*",
"matchCriteriaId": "A08BAF98-7F05-4596-8BFC-91F1A79D3BD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E4387B4-BC5C-41DE-92DA-84866A649AD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "24514B40-540E-45D7-90DC-BCC1D9D7E92C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.2:r4:*:*:*:*:*:*",
"matchCriteriaId": "BFD510E9-12DC-4942-BAA0-6405CBD905EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.2:r5:*:*:*:*:*:*",
"matchCriteriaId": "EA11BB6D-36C7-438B-A5A7-71C3CB2E5EC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "7B01001B-FA11-4297-AB81-12A00B97C820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.3:r4:*:*:*:*:*:*",
"matchCriteriaId": "9F28E6B1-44AB-4635-8939-5B0A44BED1E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "3E9D957B-49F9-492D-A66A-0D25BA27AD35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "D1AB497E-E403-4DEE-A83D-CB2E119E5E96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.5:r1:*:*:*:*:*:*",
"matchCriteriaId": "CA6B3322-9AFB-44B5-B571-995AB606FD01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.5:r1.2:*:*:*:*:*:*",
"matchCriteriaId": "47CB7C12-D642-4015-842C-37241F87DB86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.6:r1:*:*:*:*:*:*",
"matchCriteriaId": "58E49DF1-F66A-4F52-87FA-A50DFD735ECB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.6:r1.2:*:*:*:*:*:*",
"matchCriteriaId": "62A0393A-C1C6-4708-BC41-5A5B8FB765FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.6:r1.3:*:*:*:*:*:*",
"matchCriteriaId": "1F3358B0-4751-4DCD-8BFC-BB4C68505658",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.6:r1.5:*:*:*:*:*:*",
"matchCriteriaId": "5C9313A0-2F33-412B-A6F0-E51AE19E199B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.6:r1.6:*:*:*:*:*:*",
"matchCriteriaId": "2979603E-F5CF-4C53-9828-36795E1B6247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.6:r1.7:*:*:*:*:*:*",
"matchCriteriaId": "D0D33C96-EE5C-41EB-8D9F-88ED025C191A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r1:*:*:*:*:*:*",
"matchCriteriaId": "9F0A44E1-3670-4AD5-A54D-FDA6C200AA73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r1.2:*:*:*:*:*:*",
"matchCriteriaId": "C5B4CE43-2D9B-4DF9-AC2A-F649622CD190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r1.3:*:*:*:*:*:*",
"matchCriteriaId": "3C9B3FF8-F613-404D-BC85-9DD6F2A6DB5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r1.4:*:*:*:*:*:*",
"matchCriteriaId": "CFC583B5-18F5-4943-8C68-6C601857CE5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r1.5:*:*:*:*:*:*",
"matchCriteriaId": "6E4DE5D9-C92B-4143-835F-2D16F0CC328F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r1.6:*:*:*:*:*:*",
"matchCriteriaId": "F874F69E-C621-4C4B-802F-900E7BFAB71B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r2:*:*:*:*:*:*",
"matchCriteriaId": "67D43D1D-564D-4ACD-B0FF-3828B95E9864",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r2.2:*:*:*:*:*:*",
"matchCriteriaId": "BC8480E0-17C0-4590-950F-D3954E735365",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r2.3:*:*:*:*:*:*",
"matchCriteriaId": "3FAF4FB0-A88C-4A87-B6CB-32EF7B415885",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FAD0FC91-CA1E-4DC3-A37E-1BF98906D07C",
"versionEndExcluding": "22.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:-:*:*:*:*:*:*",
"matchCriteriaId": "1F22B988-2585-4853-9838-AB3746C8B888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:r1:*:*:*:*:*:*",
"matchCriteriaId": "FD9BE8C2-43EB-4870-A4B7-267CB17A19F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:r1.1:*:*:*:*:*:*",
"matchCriteriaId": "C8915BB2-C1C0-4189-A847-DDB2EF161D62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:r1.2:*:*:*:*:*:*",
"matchCriteriaId": "8D24A8DB-D697-4C60-935D-B08EE36861CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer basado en pila en Ivanti Connect Secure anterior a la versi\u00f3n 22.7R2.5, Ivanti Policy Secure anterior a la versi\u00f3n 22.7R1.2 e Ivanti Neurons para puertas de enlace ZTA anteriores a la versi\u00f3n 22.7R2.3 permite que un atacante autenticado local escale sus privilegios."
}
],
"id": "CVE-2025-0283",
"lastModified": "2025-01-14T15:58:55.813",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-01-08T23:15:09.920",
"references": [
{
"source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283"
}
],
"sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-01-31 18:15
Modified
2024-11-29 15:16
Severity ?
Summary
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.
References
Impacted products
{
"cisaActionDue": "2024-02-02",
"cisaExploitAdd": "2024-01-31",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Ivanti Connect Secure, Policy Secure, and Neurons Server-Side Request Forgery (SSRF) Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:-:*:*:*:*:*:*",
"matchCriteriaId": "3818B543-3415-4E27-8DAD-6BA9D3D9A1A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r1:*:*:*:*:*:*",
"matchCriteriaId": "D47D09A8-4AC4-4CD9-B648-5F26453E2E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r2:*:*:*:*:*:*",
"matchCriteriaId": "59331DC5-FF5F-4BB3-905E-5A4A621F86ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r2.1:*:*:*:*:*:*",
"matchCriteriaId": "6A708C3F-9050-4475-95B3-4785D3E2CB69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r3:*:*:*:*:*:*",
"matchCriteriaId": "52851AAA-88FB-40BC-B41A-B821F6BA9F79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r3.1:*:*:*:*:*:*",
"matchCriteriaId": "F05DC11E-7C41-450B-A2BF-603E9252BB40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r3.2:*:*:*:*:*:*",
"matchCriteriaId": "5DA976D9-A330-475E-B8C0-09EF3E08F18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r3.3:*:*:*:*:*:*",
"matchCriteriaId": "59F4A6F7-A6D4-4517-A316-7C7C002A9ED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r3.5:*:*:*:*:*:*",
"matchCriteriaId": "702094B0-2E5C-4A16-A8B0-F0EAF78E4ECB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r4:*:*:*:*:*:*",
"matchCriteriaId": "A369AE09-17E4-4541-A8E1-A2F4A1398EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r4.1:*:*:*:*:*:*",
"matchCriteriaId": "24EF2F1A-8140-4FDB-8AF4-309AFAF998E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r5.0:*:*:*:*:*:*",
"matchCriteriaId": "4755BC2C-A96E-47AF-9D7C-E8D44B31F10B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r6.0:*:*:*:*:*:*",
"matchCriteriaId": "BF6E8A0C-192B-4F51-86AA-FC2B85657632",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "4B21C181-DC49-4EBD-9932-DBB337151FF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r10:*:*:*:*:*:*",
"matchCriteriaId": "5A3A93FE-41BF-43F2-9EFC-89656182329F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11:*:*:*:*:*:*",
"matchCriteriaId": "8D5F47BA-DE6D-443D-95C3-A45F80EDC71E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.3:*:*:*:*:*:*",
"matchCriteriaId": "366EF5B8-0233-49B8-806A-E54F60410ADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.4:*:*:*:*:*:*",
"matchCriteriaId": "6F2A7F5C-1D78-4D19-B8ED-5822FDF5DA63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.5:*:*:*:*:*:*",
"matchCriteriaId": "2DDDA231-2A5E-4C70-8620-535C7F9027A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r12:*:*:*:*:*:*",
"matchCriteriaId": "32E0B425-A9BA-4D00-84A9-46268072D696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r12.1:*:*:*:*:*:*",
"matchCriteriaId": "BBC724E8-195B-4CB4-AC2A-63E184AED4F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r13:*:*:*:*:*:*",
"matchCriteriaId": "65435A96-EF7A-439A-AA6C-CB7EAEF0A963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r13.1:*:*:*:*:*:*",
"matchCriteriaId": "3027A9CE-849E-4CAE-A1C4-170DEAF4FE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r14:*:*:*:*:*:*",
"matchCriteriaId": "C132BA26-BCA0-43E6-9511-34ACFFA136A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r15:*:*:*:*:*:*",
"matchCriteriaId": "CE228FBD-5AD1-4BC6-AF63-5248E671B04F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r15.2:*:*:*:*:*:*",
"matchCriteriaId": "D7DBCD6B-B7AA-4AB0-852F-563A2EC85DB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r16:*:*:*:*:*:*",
"matchCriteriaId": "44C26423-8621-4F6D-A45B-0A6B6E873AB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r16.1:*:*:*:*:*:*",
"matchCriteriaId": "BC391EB5-C457-459C-8EAA-EA0043487C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r17:*:*:*:*:*:*",
"matchCriteriaId": "DB6CEA16-F422-48F1-9473-3931B1BFA63F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r17.1:*:*:*:*:*:*",
"matchCriteriaId": "E238AB9F-99C1-4F0D-B442-D390065D35D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r18:*:*:*:*:*:*",
"matchCriteriaId": "28FDE909-711C-41EC-8BA6-AC4DE05EA27E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r18.1:*:*:*:*:*:*",
"matchCriteriaId": "080CD832-3324-4158-A4CD-3A2E49B7BC74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r18.2:*:*:*:*:*:*",
"matchCriteriaId": "DB2B8165-E9D4-4549-B16E-A62810BDAF8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "4FEFC4B1-7350-46F9-80C1-42F5AE06142F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "DB7A6D62-6576-4713-9BF4-11068A72E8B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*",
"matchCriteriaId": "843BC1B9-50CC-4F8F-A454-A0CEC6E92290",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*",
"matchCriteriaId": "D5355372-03EA-46D7-9104-A2785C29B664",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*",
"matchCriteriaId": "3DE32A0C-8944-4F51-A286-266055CA4B2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*",
"matchCriteriaId": "0349A0CC-A372-4E51-899E-D7BA67876F4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*",
"matchCriteriaId": "93D1A098-BD77-4A7B-9070-A764FB435981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*",
"matchCriteriaId": "3CCC2D7B-F835-45EC-A316-2F0C5F2CF565",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*",
"matchCriteriaId": "AD812596-C77C-4129-982F-C22A25B52126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:*",
"matchCriteriaId": "9FA0B20D-3FA1-42AE-BDC5-93D8A182927C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8.1:*:*:*:*:*:*",
"matchCriteriaId": "BFFA0B02-7F6D-4434-B1E7-EB8520FD68A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8.2:*:*:*:*:*:*",
"matchCriteriaId": "DFE8FA87-9622-4D5B-99C7-D8EE230C0AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r9:*:*:*:*:*:*",
"matchCriteriaId": "16DAA769-8F0D-4C54-A8D9-9902995605B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r9.1:*:*:*:*:*:*",
"matchCriteriaId": "B2C10C89-1DBC-4E91-BD28-D5097B589CA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:21.9:r1:*:*:*:*:*:*",
"matchCriteriaId": "BD52B87C-4BED-44AE-A959-A316DAF895EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:21.12:r1:*:*:*:*:*:*",
"matchCriteriaId": "8CA29F12-36DE-4FBF-9EE7-7CE4B75AFA61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "80C56782-273A-4151-BE81-13FEEFE46A6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.1:r6:*:*:*:*:*:*",
"matchCriteriaId": "6564FE9E-7D96-4226-8378-DAC25525CDD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.2:-:*:*:*:*:*:*",
"matchCriteriaId": "361FAA47-52FF-4B36-96B0-9C178A4E031B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "BCBF6DD0-2826-4E61-8FB6-DB489EBF8981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "415219D0-2D9A-4617-ABB7-6FF918421BEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "E9F55E7B-7B38-4AEC-A015-D8CB9DE5E72C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.4:r2.1:*:*:*:*:*:*",
"matchCriteriaId": "D3DF17AC-EC26-4B76-8989-B7880C9EF73E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.6:-:*:*:*:*:*:*",
"matchCriteriaId": "6C383863-1E90-4B72-A500-4326782BC92F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.6:r1:*:*:*:*:*:*",
"matchCriteriaId": "AB9A5868-34FB-446E-817F-6701CC5DE923",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.6:r2:*:*:*:*:*:*",
"matchCriteriaId": "5456F61D-1FD1-4DA6-AFA3-4073889AD22A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.6:r2.1:*:*:*:*:*:*",
"matchCriteriaId": "EA574551-14BF-45E1-AC2A-2FB5B265640E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.0:-:*:*:*:*:*:*",
"matchCriteriaId": "AFE8DB4A-9891-4647-82E2-EB5D377CAD25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.0:r1:*:*:*:*:*:*",
"matchCriteriaId": "26B25B34-7BD0-471B-A396-45CE5420E963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.0:r2:*:*:*:*:*:*",
"matchCriteriaId": "AA514C05-2834-4C7B-B022-02B41C9AAD6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.0:r2.1:*:*:*:*:*:*",
"matchCriteriaId": "0929C645-DACB-4341-9032-7C79FFC8BCF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.0:r3:*:*:*:*:*:*",
"matchCriteriaId": "0D36CB5A-8389-4F2F-882A-4E8F30028799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.0:r3.1:*:*:*:*:*:*",
"matchCriteriaId": "517DA74B-9D69-45E1-A707-A08A305A507C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.0:r4:*:*:*:*:*:*",
"matchCriteriaId": "F72C00C7-017C-4C25-99B0-D7D42D969E92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:-:*:*:*:*:*:*",
"matchCriteriaId": "6418A649-3A63-40CC-BD7C-309B3B0B2595",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "A07B66E0-A679-4912-8CB1-CD134713EDC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r10:*:*:*:*:*:*",
"matchCriteriaId": "BF767F07-2E9F-4099-829D-2F70E85D8A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r11:*:*:*:*:*:*",
"matchCriteriaId": "B994E22B-8FA5-4510-82F6-7820BDA7C307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r12:*:*:*:*:*:*",
"matchCriteriaId": "FE5C4ABC-2BEB-4741-95B3-303903369818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r13:*:*:*:*:*:*",
"matchCriteriaId": "D50C5526-F791-4C76-B5C0-DA2E1281C9E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r13.1:*:*:*:*:*:*",
"matchCriteriaId": "2CB8240E-7683-4C39-9654-4F8D1F682288",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r14:*:*:*:*:*:*",
"matchCriteriaId": "7A53C031-E7A5-47B6-BA4A-DD28432E743F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r15:*:*:*:*:*:*",
"matchCriteriaId": "4BEE355B-1C2D-4BEB-8922-EAEAA5A1FAE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r16:*:*:*:*:*:*",
"matchCriteriaId": "B90687F3-A5C1-4706-AD66-D78EE512E4C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r17:*:*:*:*:*:*",
"matchCriteriaId": "D10A3F2D-6A62-4A48-93FB-274527C821D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r18:*:*:*:*:*:*",
"matchCriteriaId": "811C7E7E-89AB-47DF-BACD-ED478DF756BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r18.1:*:*:*:*:*:*",
"matchCriteriaId": "98FC67F0-3EEF-4C69-BB94-A15B1FE4D8F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r18.2:*:*:*:*:*:*",
"matchCriteriaId": "77AA3823-7B01-423E-BE8E-797AEB567B8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "6D37A6E4-D58E-444D-AF6A-15461F38E81A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "FC2B9DA0-E32B-4125-9986-F0D3814C66E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r3.1:*:*:*:*:*:*",
"matchCriteriaId": "38A0D7CF-7D55-4933-AE8C-36006D6779E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4:*:*:*:*:*:*",
"matchCriteriaId": "C9A5BA3E-D6B3-453D-8DDF-FF16859FD0F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.1:*:*:*:*:*:*",
"matchCriteriaId": "BAFDA618-D15D-401D-AC68-0020259FEC57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.2:*:*:*:*:*:*",
"matchCriteriaId": "D55AB5F0-132F-4C40-BF4F-684E139B774B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.3:*:*:*:*:*:*",
"matchCriteriaId": "26AEB02E-D2D0-4D7A-BB00-9E5112696B17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:*",
"matchCriteriaId": "6BE937D2-8BEE-4E64-8738-F550EAD00F50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r6:*:*:*:*:*:*",
"matchCriteriaId": "9C753520-1BC6-4980-AFC9-4C2FDDF2FD18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r7:*:*:*:*:*:*",
"matchCriteriaId": "AC3863BC-3B9A-402B-A74A-149CDF717EC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r8:*:*:*:*:*:*",
"matchCriteriaId": "E3C09D51-FDA0-4D07-87D8-F527C8CBDAFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r8.1:*:*:*:*:*:*",
"matchCriteriaId": "CCE2E1C0-680F-4EFF-ACE6-A1DAFA209D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r8.2:*:*:*:*:*:*",
"matchCriteriaId": "7ED1686B-2D80-4ECF-9F7A-AEA989E17C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r9:*:*:*:*:*:*",
"matchCriteriaId": "092DA2A3-5CEF-433F-8E5B-4850E4095CC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "A385F38B-0B03-4B69-B7A1-952F5BAE727C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.1:r6:*:*:*:*:*:*",
"matchCriteriaId": "925DCCBA-9382-4A39-84B8-4DEAFD2BC802",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "34C118FB-7AE0-466C-822A-348A2F6016AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.2:r3:*:*:*:*:*:*",
"matchCriteriaId": "1536DB45-9A42-4549-A10E-FDBB6693DF17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "51FF66C9-9415-4EAD-8F19-D5E067336885",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.3:r3:*:*:*:*:*:*",
"matchCriteriaId": "8BBC1E81-0A2A-4166-BFA6-2B866B4F8AE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "D73729EB-C679-4CED-9F36-212B0581EC22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "14B481E8-D887-408F-B892-D2939CD037AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.4:r2.1:*:*:*:*:*:*",
"matchCriteriaId": "3EB8380F-D229-4AF0-B27C-47760F843E48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.5:r1:*:*:*:*:*:*",
"matchCriteriaId": "CB4B1ED6-38AD-44F8-9B77-2D6924E8A20E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.6:r1:*:*:*:*:*:*",
"matchCriteriaId": "56C7542D-3520-4E4D-936C-5295068C4CD7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E4387B4-BC5C-41DE-92DA-84866A649AD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "24514B40-540E-45D7-90DC-BCC1D9D7E92C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.2:r4:*:*:*:*:*:*",
"matchCriteriaId": "BFD510E9-12DC-4942-BAA0-6405CBD905EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.2:r5:*:*:*:*:*:*",
"matchCriteriaId": "EA11BB6D-36C7-438B-A5A7-71C3CB2E5EC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "7B01001B-FA11-4297-AB81-12A00B97C820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.3:r4:*:*:*:*:*:*",
"matchCriteriaId": "9F28E6B1-44AB-4635-8939-5B0A44BED1E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "3E9D957B-49F9-492D-A66A-0D25BA27AD35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "D1AB497E-E403-4DEE-A83D-CB2E119E5E96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.5:r1:*:*:*:*:*:*",
"matchCriteriaId": "CA6B3322-9AFB-44B5-B571-995AB606FD01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.5:r1.2:*:*:*:*:*:*",
"matchCriteriaId": "47CB7C12-D642-4015-842C-37241F87DB86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.6:r1:*:*:*:*:*:*",
"matchCriteriaId": "58E49DF1-F66A-4F52-87FA-A50DFD735ECB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.6:r1.2:*:*:*:*:*:*",
"matchCriteriaId": "62A0393A-C1C6-4708-BC41-5A5B8FB765FF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication."
},
{
"lang": "es",
"value": "Una vulnerabilidad de server-side request forgery en el componente SAML de Ivanti Connect Secure (9.x, 22.x) e Ivanti Policy Secure (9.x, 22.x) e Ivanti Neurons for ZTA permite a un atacante acceder a ciertos recursos restringidos sin autenticaci\u00f3n."
}
],
"id": "CVE-2024-21893",
"lastModified": "2024-11-29T15:16:27.133",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "support@hackerone.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-31T18:15:47.437",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-05 22:15
Modified
2024-11-21 07:10
Severity ?
Summary
An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3281AC31-EAEC-4C8D-A0AA-3CDD1092D3EE",
"versionEndExcluding": "9.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:-:*:*:*:*:*:*",
"matchCriteriaId": "4F450898-0B06-4073-9B76-BF22F68BD14F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "4B21C181-DC49-4EBD-9932-DBB337151FF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r1.0:*:*:*:*:*:*",
"matchCriteriaId": "130C8955-BDA4-4518-8EBA-740EB08FC3E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r10.0:*:*:*:*:*:*",
"matchCriteriaId": "5AA4B39F-2FB9-4752-B1F1-18812B0990B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r10.2:*:*:*:*:*:*",
"matchCriteriaId": "232BAB6C-D318-4F80-8F49-4E700C21F535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.0:*:*:*:*:*:*",
"matchCriteriaId": "ABD840BF-944E-4F4C-96DC-0256286338F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.1:*:*:*:*:*:*",
"matchCriteriaId": "A1995F34-AE75-47C4-9A9D-DBB1D3E130E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.3:*:*:*:*:*:*",
"matchCriteriaId": "366EF5B8-0233-49B8-806A-E54F60410ADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.4:*:*:*:*:*:*",
"matchCriteriaId": "6F2A7F5C-1D78-4D19-B8ED-5822FDF5DA63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.5:*:*:*:*:*:*",
"matchCriteriaId": "2DDDA231-2A5E-4C70-8620-535C7F9027A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r12:*:*:*:*:*:*",
"matchCriteriaId": "32E0B425-A9BA-4D00-84A9-46268072D696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r12.1:*:*:*:*:*:*",
"matchCriteriaId": "BBC724E8-195B-4CB4-AC2A-63E184AED4F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r12.2:*:*:*:*:*:*",
"matchCriteriaId": "7162C24D-D181-49CC-B8C2-9EE3E0CDF846",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r13:*:*:*:*:*:*",
"matchCriteriaId": "65435A96-EF7A-439A-AA6C-CB7EAEF0A963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r13.1:*:*:*:*:*:*",
"matchCriteriaId": "3027A9CE-849E-4CAE-A1C4-170DEAF4FE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r14:*:*:*:*:*:*",
"matchCriteriaId": "C132BA26-BCA0-43E6-9511-34ACFFA136A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r15:*:*:*:*:*:*",
"matchCriteriaId": "CE228FBD-5AD1-4BC6-AF63-5248E671B04F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r16:*:*:*:*:*:*",
"matchCriteriaId": "44C26423-8621-4F6D-A45B-0A6B6E873AB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r16.1:*:*:*:*:*:*",
"matchCriteriaId": "BC391EB5-C457-459C-8EAA-EA0043487C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "4FEFC4B1-7350-46F9-80C1-42F5AE06142F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r2.0:*:*:*:*:*:*",
"matchCriteriaId": "4E2D041D-9BDD-416D-B658-1C517C854104",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "DB7A6D62-6576-4713-9BF4-11068A72E8B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r3.0:*:*:*:*:*:*",
"matchCriteriaId": "7155EB34-E8E0-49AF-BDA2-FB4BFA44662E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*",
"matchCriteriaId": "843BC1B9-50CC-4F8F-A454-A0CEC6E92290",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.0:*:*:*:*:*:*",
"matchCriteriaId": "25EE614A-5F32-4CA9-998A-4FAF16DC100C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*",
"matchCriteriaId": "D5355372-03EA-46D7-9104-A2785C29B664",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*",
"matchCriteriaId": "3DE32A0C-8944-4F51-A286-266055CA4B2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*",
"matchCriteriaId": "0349A0CC-A372-4E51-899E-D7BA67876F4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*",
"matchCriteriaId": "93D1A098-BD77-4A7B-9070-A764FB435981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r5.0:*:*:*:*:*:*",
"matchCriteriaId": "F49EE829-A2CD-491E-BFC3-7888491D7C58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*",
"matchCriteriaId": "3CCC2D7B-F835-45EC-A316-2F0C5F2CF565",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r6.0:*:*:*:*:*:*",
"matchCriteriaId": "2254DDF1-7FF3-49E1-8826-91F49A6794F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*",
"matchCriteriaId": "AD812596-C77C-4129-982F-C22A25B52126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r7.0:*:*:*:*:*:*",
"matchCriteriaId": "B8EA4DA8-CD09-41AC-ADCB-27CF771C016B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:*",
"matchCriteriaId": "9FA0B20D-3FA1-42AE-BDC5-93D8A182927C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8.0:*:*:*:*:*:*",
"matchCriteriaId": "4D6CECCB-18BA-4219-95A2-2525A2BDCE36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8.1:*:*:*:*:*:*",
"matchCriteriaId": "BFFA0B02-7F6D-4434-B1E7-EB8520FD68A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8.2:*:*:*:*:*:*",
"matchCriteriaId": "DFE8FA87-9622-4D5B-99C7-D8EE230C0AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8.4:*:*:*:*:*:*",
"matchCriteriaId": "07AB853D-5A3F-4142-8417-1C9FB729A89E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r9:*:*:*:*:*:*",
"matchCriteriaId": "16DAA769-8F0D-4C54-A8D9-9902995605B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r9.0:*:*:*:*:*:*",
"matchCriteriaId": "B7006C07-0E3F-4890-A1B3-533E10924D49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r9.1:*:*:*:*:*:*",
"matchCriteriaId": "B2C10C89-1DBC-4E91-BD28-D5097B589CA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r9.2:*:*:*:*:*:*",
"matchCriteriaId": "F54753D0-6275-4F82-B874-55438D2983B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:21.9:r1:*:*:*:*:*:*",
"matchCriteriaId": "BD52B87C-4BED-44AE-A959-A316DAF895EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:21.12:r1:*:*:*:*:*:*",
"matchCriteriaId": "8CA29F12-36DE-4FBF-9EE7-7CE4B75AFA61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "80C56782-273A-4151-BE81-13FEEFE46A6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.2:-:*:*:*:*:*:*",
"matchCriteriaId": "361FAA47-52FF-4B36-96B0-9C178A4E031B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "BCBF6DD0-2826-4E61-8FB6-DB489EBF8981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "24514B40-540E-45D7-90DC-BCC1D9D7E92C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "368E8A56-50E4-4400-8C18-B7426B112FFC",
"versionEndExcluding": "9.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:-:*:*:*:*:*:*",
"matchCriteriaId": "6418A649-3A63-40CC-BD7C-309B3B0B2595",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "A07B66E0-A679-4912-8CB1-CD134713EDC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r10:*:*:*:*:*:*",
"matchCriteriaId": "BF767F07-2E9F-4099-829D-2F70E85D8A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r11:*:*:*:*:*:*",
"matchCriteriaId": "B994E22B-8FA5-4510-82F6-7820BDA7C307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r12:*:*:*:*:*:*",
"matchCriteriaId": "FE5C4ABC-2BEB-4741-95B3-303903369818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r13:*:*:*:*:*:*",
"matchCriteriaId": "D50C5526-F791-4C76-B5C0-DA2E1281C9E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r13.1:*:*:*:*:*:*",
"matchCriteriaId": "2CB8240E-7683-4C39-9654-4F8D1F682288",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r14:*:*:*:*:*:*",
"matchCriteriaId": "7A53C031-E7A5-47B6-BA4A-DD28432E743F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r15:*:*:*:*:*:*",
"matchCriteriaId": "4BEE355B-1C2D-4BEB-8922-EAEAA5A1FAE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r16:*:*:*:*:*:*",
"matchCriteriaId": "B90687F3-A5C1-4706-AD66-D78EE512E4C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "6D37A6E4-D58E-444D-AF6A-15461F38E81A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "FC2B9DA0-E32B-4125-9986-F0D3814C66E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r3.1:*:*:*:*:*:*",
"matchCriteriaId": "38A0D7CF-7D55-4933-AE8C-36006D6779E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4:*:*:*:*:*:*",
"matchCriteriaId": "C9A5BA3E-D6B3-453D-8DDF-FF16859FD0F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.1:*:*:*:*:*:*",
"matchCriteriaId": "BAFDA618-D15D-401D-AC68-0020259FEC57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.2:*:*:*:*:*:*",
"matchCriteriaId": "D55AB5F0-132F-4C40-BF4F-684E139B774B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:*",
"matchCriteriaId": "6BE937D2-8BEE-4E64-8738-F550EAD00F50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r6:*:*:*:*:*:*",
"matchCriteriaId": "9C753520-1BC6-4980-AFC9-4C2FDDF2FD18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r7:*:*:*:*:*:*",
"matchCriteriaId": "AC3863BC-3B9A-402B-A74A-149CDF717EC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r8:*:*:*:*:*:*",
"matchCriteriaId": "E3C09D51-FDA0-4D07-87D8-F527C8CBDAFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r8.1:*:*:*:*:*:*",
"matchCriteriaId": "CCE2E1C0-680F-4EFF-ACE6-A1DAFA209D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r8.2:*:*:*:*:*:*",
"matchCriteriaId": "7ED1686B-2D80-4ECF-9F7A-AEA989E17C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r9:*:*:*:*:*:*",
"matchCriteriaId": "092DA2A3-5CEF-433F-8E5B-4850E4095CC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "A385F38B-0B03-4B69-B7A1-952F5BAE727C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "34C118FB-7AE0-466C-822A-348A2F6016AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1."
},
{
"lang": "es",
"value": "Un atacante no autenticado puede provocar una Denegaci\u00f3n de Servicio (DoS) a los siguientes productos: \nIvanti Connect Secure (ICS) en versiones anteriores a 9.1R14.3, 9.1R15.2, 9.1R16.2 y 22.2R4, \nIvanti Policy Secure (IPS ) en versiones anteriores a 9.1R17 y 22.3R1,\ne Ivanti Neurons for Zero-Trust Access en versiones anteriores a 22.3R1."
}
],
"id": "CVE-2022-35254",
"lastModified": "2024-11-21T07:10:58.810",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-05T22:15:10.457",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA45520/?kA23Z000000GH5OSAW"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA45520/?kA23Z000000GH5OSAW"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2025-0283
Vulnerability from cvelistv5
Published
2025-01-08 22:15
Modified
2025-01-09 17:41
Severity ?
EPSS score ?
Summary
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges.
References
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Ivanti | Connect Secure |
Patch: 22.7R2.5 |
||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0283",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-09T15:56:25.438413Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T17:41:24.544Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Connect Secure",
"vendor": "Ivanti",
"versions": [
{
"status": "unaffected",
"version": "22.7R2.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "Policy Secure",
"vendor": "Ivanti",
"versions": [
{
"status": "affected",
"version": "22.7R1.2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "Neurons for ZTA gateways",
"vendor": "Ivanti",
"versions": [
{
"status": "unaffected",
"version": "22.7R2.5",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e"
}
],
"value": "A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-08T22:15:59.822Z",
"orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"shortName": "ivanti"
},
"references": [
{
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"assignerShortName": "ivanti",
"cveId": "CVE-2025-0283",
"datePublished": "2025-01-08T22:15:59.822Z",
"dateReserved": "2025-01-06T16:53:11.756Z",
"dateUpdated": "2025-01-09T17:41:24.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-35254
Vulnerability from cvelistv5
Published
2022-12-05 00:00
Modified
2024-08-03 09:29
Severity ?
EPSS score ?
Summary
An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Neurons for Zero Trust Access Gateway |
Version: ICS Prior to 9.1R14.3,9.1R15.2,9.1R16.2 and 22.2R4 and 22.2R1, IPS Prior to 9.1R17 and 22.3R1, Ivanti Neurons for Zero Trust Access Gateway Prior to 22.3R1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:29:17.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA45520/?kA23Z000000GH5OSAW"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Neurons for Zero Trust Access Gateway",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "ICS Prior to 9.1R14.3,9.1R15.2,9.1R16.2 and 22.2R4 and 22.2R1, IPS Prior to 9.1R17 and 22.3R1, Ivanti Neurons for Zero Trust Access Gateway Prior to 22.3R1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free (CWE-416)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-05T00:00:00",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA45520/?kA23Z000000GH5OSAW"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2022-35254",
"datePublished": "2022-12-05T00:00:00",
"dateReserved": "2022-07-06T00:00:00",
"dateUpdated": "2024-08-03T09:29:17.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-21893
Vulnerability from cvelistv5
Published
2024-01-31 17:51
Modified
2024-08-01 22:35
Severity ?
EPSS score ?
Summary
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ivanti:connect_secure:9.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "connect_secure",
"vendor": "ivanti",
"versions": [
{
"status": "affected",
"version": "9.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:ivanti:connect_secure:22.6:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "connect_secure",
"vendor": "ivanti",
"versions": [
{
"status": "affected",
"version": "22.6"
}
]
},
{
"cpes": [
"cpe:2.3:a:ivanti:policy_secure:22.3:r1:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "policy_secure",
"vendor": "ivanti",
"versions": [
{
"status": "affected",
"version": "22.3"
}
]
},
{
"cpes": [
"cpe:2.3:a:ivanti:policy_secure:22.6:r1:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "policy_secure",
"vendor": "ivanti",
"versions": [
{
"status": "affected",
"version": "22.6"
}
]
},
{
"cpes": [
"cpe:2.3:a:ivanti:policy_secure:22.5:r1:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "policy_secure",
"vendor": "ivanti",
"versions": [
{
"status": "affected",
"version": "22.5"
}
]
},
{
"cpes": [
"cpe:2.3:a:ivanti:policy_secure:22.4:r1:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "policy_secure",
"vendor": "ivanti",
"versions": [
{
"status": "affected",
"version": "22.4"
}
]
},
{
"cpes": [
"cpe:2.3:a:ivanti:connect_secure:22.1:r1:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "connect_secure",
"vendor": "ivanti",
"versions": [
{
"status": "affected",
"version": "22.1"
}
]
},
{
"cpes": [
"cpe:2.3:a:ivanti:connect_secure:22.2:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "connect_secure",
"vendor": "ivanti",
"versions": [
{
"status": "affected",
"version": "22.2"
}
]
},
{
"cpes": [
"cpe:2.3:a:ivanti:connect_secure:9.1:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "connect_secure",
"vendor": "ivanti",
"versions": [
{
"status": "affected",
"version": "9.1"
}
]
},
{
"cpes": [
"cpe:2.3:a:ivanti:connect_secure:21.9:r1:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "connect_secure",
"vendor": "ivanti",
"versions": [
{
"status": "affected",
"version": "21.9"
}
]
},
{
"cpes": [
"cpe:2.3:a:ivanti:connect_secure:21.12:r1:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "connect_secure",
"vendor": "ivanti",
"versions": [
{
"status": "affected",
"version": "21.12"
}
]
},
{
"cpes": [
"cpe:2.3:a:ivanti:policy_secure:22.2:r1:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "policy_secure",
"vendor": "ivanti",
"versions": [
{
"status": "affected",
"version": "22.2"
}
]
},
{
"cpes": [
"cpe:2.3:a:ivanti:policy_secure:22.1:r1:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "policy_secure",
"vendor": "ivanti",
"versions": [
{
"status": "affected",
"version": "22.1"
}
]
},
{
"cpes": [
"cpe:2.3:a:ivanti:policy_secure:9.1:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "policy_secure",
"vendor": "ivanti",
"versions": [
{
"status": "affected",
"version": "9.1"
}
]
},
{
"cpes": [
"cpe:2.3:a:ivanti:connect_secure:22.4:r1:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "connect_secure",
"vendor": "ivanti",
"versions": [
{
"status": "affected",
"version": "22.4"
}
]
},
{
"cpes": [
"cpe:2.3:a:ivanti:connect_secure:22.3:r1:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "connect_secure",
"vendor": "ivanti",
"versions": [
{
"status": "affected",
"version": "22.3"
}
]
},
{
"cpes": [
"cpe:2.3:a:ivanti:policy_secure:9.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "policy_secure",
"vendor": "ivanti",
"versions": [
{
"status": "affected",
"version": "9.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21893",
"options": [
{
"Exploitation": "Active"
},
{
"Automatable": "Yes"
},
{
"Technical Impact": "Partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-01T05:00:07.654275Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-01-31",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-21893"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:37:50.738Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:33.414Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ICS",
"vendor": "Ivanti",
"versions": [
{
"lessThanOrEqual": "9.1R18",
"status": "affected",
"version": "9.1R18",
"versionType": "semver"
},
{
"lessThanOrEqual": "22.6R2",
"status": "affected",
"version": "22.6R2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IPS",
"vendor": "Ivanti",
"versions": [
{
"lessThanOrEqual": "9.1R18",
"status": "affected",
"version": "9.1R18",
"versionType": "semver"
},
{
"lessThanOrEqual": "22.6R1",
"status": "affected",
"version": "22.6R1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-01-31T17:51:35.095Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2024-21893",
"datePublished": "2024-01-31T17:51:35.095Z",
"dateReserved": "2024-01-03T01:04:06.539Z",
"dateUpdated": "2024-08-01T22:35:33.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2025-0282
Vulnerability from cvelistv5
Published
2025-01-08 22:15
Modified
2025-01-09 21:45
Severity ?
EPSS score ?
Summary
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.
References
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Ivanti | Connect Secure |
Version: 22.7R2 < Patch: 22.7R2.5 |
||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"dateAdded": "2025-01-08",
"reference": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"
},
"type": "kev"
}
},
{
"other": {
"content": {
"id": "CVE-2025-0282",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-09T14:19:09.772617Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T14:20:01.133Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-01-09T21:45:22.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.cisa.gov/cisa-mitigation-instructions-cve-2025-0282"
},
{
"url": "https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Connect Secure",
"vendor": "Ivanti",
"versions": [
{
"lessThanOrEqual": "22.7R2.4",
"status": "affected",
"version": "22.7R2",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "22.7R2.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Policy Secure",
"vendor": "Ivanti",
"versions": [
{
"lessThanOrEqual": "22.7R1.2",
"status": "affected",
"version": "22.7R1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Neurons for ZTA gateways",
"vendor": "Ivanti",
"versions": [
{
"lessThanOrEqual": "22.7R2.3",
"status": "affected",
"version": "22.7R2",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "22.7R2.5",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e"
}
],
"value": "A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-08T22:15:09.386Z",
"orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"shortName": "ivanti"
},
"references": [
{
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"assignerShortName": "ivanti",
"cveId": "CVE-2025-0282",
"datePublished": "2025-01-08T22:15:09.386Z",
"dateReserved": "2025-01-06T16:53:11.204Z",
"dateUpdated": "2025-01-09T21:45:22.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-35258
Vulnerability from cvelistv5
Published
2022-12-05 00:00
Modified
2024-08-03 09:29
Severity ?
EPSS score ?
Summary
An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Neurons for Zero Trust Access Gateway |
Version: ICS Prior to 9.1R14.3,9.1R15.2,9.1R16.2 and 22.2R4, IPS Prior to 9.1R17 and 22.3R1, Ivanti Neurons for Zero Trust Access Gateway Prior to 22.3R1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:29:17.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA45520/?kA23Z000000GH5OSAW"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Neurons for Zero Trust Access Gateway",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "ICS Prior to 9.1R14.3,9.1R15.2,9.1R16.2 and 22.2R4, IPS Prior to 9.1R17 and 22.3R1, Ivanti Neurons for Zero Trust Access Gateway Prior to 22.3R1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-128",
"description": "Wrap-around Error (CWE-128)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-05T00:00:00",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA45520/?kA23Z000000GH5OSAW"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2022-35258",
"datePublished": "2022-12-05T00:00:00",
"dateReserved": "2022-07-06T00:00:00",
"dateUpdated": "2024-08-03T09:29:17.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}