Описание
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges.
Уязвимые конфигурации
Конфигурация 1Версия до 9.1 (исключая)Версия от 22.2 (включая) до 22.7 (исключая)Версия до 22.7 (исключая)
Одно из
cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r1.0:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r10:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r10.0:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r10.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r11:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r11.0:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r11.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r11.3:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r11.4:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r11.5:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r12:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r12.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r12.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r13:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r13.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r14:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r14.4:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r15:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r15.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r16:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r16.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r17:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r17.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r17.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r18:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r18.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r18.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r18.3:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r18.7:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r18.8:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r18.9:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:21.9:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:21.12:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.1:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.1:r6:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r1.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r1.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r1.3:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r1.4:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r1.5:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r2.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r2.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r2.3:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.7:r2.4:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:-:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.2:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.2:r4:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.2:r5:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.3:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.3:r4:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.4:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.4:r3:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.5:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.5:r1.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.6:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.6:r1.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.6:r1.3:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.6:r1.5:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.6:r1.6:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.6:r1.7:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r1.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r1.3:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r1.4:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r1.5:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r1.6:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r2:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r2.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.7:r2.3:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.7:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.7:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.7:r1.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.7:r1.2:*:*:*:*:*:*
EPSS
Процентиль: 96%
0.2299
Средний
7 High
CVSS3
Дефекты
CWE-121
CWE-787
Связанные уязвимости
CVSS3: 7
github
около 1 года назад
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges.
CVSS3: 7
fstec
около 1 года назад
Уязвимость средств контроля сетевого доступа Ivanti Connect Secure (ранее Pulse Connect Secure), Ivanti Policy Secure и средства управления IT-сервисами Ivanti Neurons for ZTA, связанная с переполнением буфера в стеке, позволяющая нарушителю повысить свои привилегии
CVSS3: 9
fstec
около 1 года назад
Уязвимость средств контроля сетевого доступа Ivanti Connect Secure (ранее Pulse Connect Secure), Ivanti Policy Secure и средства управления IT-сервисами Ivanti Neurons for ZTA, связанная с чтением данных за границами буфера в памяти, позволяющая нарушителю выполнить произвольный код
EPSS
Процентиль: 96%
0.2299
Средний
7 High
CVSS3
Дефекты
CWE-121
CWE-787