Reset Search
 

 

Article

KB45001 - Are we affected by CVE-2022-23302, CVE-2022-23305, CVE-2022-23307 vulnerabilities?

« Go Back

Information

 
Last Modified Date2/7/2022 3:28 PM
Synopsis
Problem or Goal
The following vulnerabilities were reported on the 18th of Jan, 2022.

More details can be found in the links below,

https://nvd.nist.gov/vuln/detail/CVE-2022-23302
https://nvd.nist.gov/vuln/detail/CVE-2022-23305
https://nvd.nist.gov/vuln/detail/CVE-2022-23307
Cause
Solution
Ivanti Pulse Engineering teams have completed their analysis and the following table has the complete summary.

 Impact
ProductCVE-2022-23302CVE-2022-23305CVE-2022-23307
Pulse Secure Virtual Traffic ManagerNot AffectedNot AffectedNot Affected
Pulse Secure Services DirectorNot AffectedNot AffectedNot Affected
Pulse Secure Web Application FirewallNot AffectedNot AffectedNot Affected
Pulse Connect SecureNot Exploitable*Not Exploitable*Not Exploitable*
Ivanti Connect Secure (ICS)Not Exploitable*Not Exploitable*Not Exploitable*
Pulse Policy SecureNot Exploitable*Not Exploitable*Not Exploitable*
Pulse Desktop ClientNot AffectedNot AffectedNot Affected
Pulse Mobile ClientNot AffectedNot AffectedNot Affected
Pulse OneNot AffectedNot AffectedNot Affected
Pulse ZTANot Vulnerable**Not AffectedNot Affected
Ivanti Neurons for ZTANot Vulnerable**Not AffectedNot Affected
Ivanti Neurons for secure AccessNot Vulnerable**Not AffectedNot Affected
* The associated Package/Library is present but not used. And, it also does not have the connectors (Prerequisite) required for the exploit. 
** The associated Package/Library is present and used but it does not have the connectors (Prerequisite) to be vulnerable.
 
Related Links
Attachment 1 
Created ByRaghu Kumar

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255