← Zuruck zu CVEs
CVE-2021-22893
CRITICALCISA KEV10.0
Beschreibung
Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.
CVE Details
CVSS v3.1 Bewertung10.0
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht4/23/2021
Zuletzt geandert12/18/2025
Quellekev
Honeypot-Sichtungen0
CISA KEV
HerstellerIvanti
ProduktPulse Connect Secure
SchwachstellennameIvanti Pulse Connect Secure Use-After-Free Vulnerability
KEV Aufnahmedatum2021-11-03
Behebungsfrist2022-05-03
Ransomware-NutzungKnown
Betroffene Produkte
ivanti:connect_secure
Schwachen (CWE)
CWE-287CWE-416
Referenzen
https://blog.pulsesecure.net/pulse-connect-secure-security-update/(support@hackerone.com)
https://kb.cert.org/vuls/id/213092(support@hackerone.com)
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/(support@hackerone.com)
https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html(support@hackerone.com)
https://blog.pulsesecure.net/pulse-connect-secure-security-update/(af854a3a-2127-422b-91ae-364da2661108)
https://kb.cert.org/vuls/id/213092(af854a3a-2127-422b-91ae-364da2661108)
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/(af854a3a-2127-422b-91ae-364da2661108)
https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.kb.cert.org/vuls/id/213092(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22893(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.