CVE-2021-22893
CRITICAL | CISA KEV | 10.0
Description
Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.
CVE Details
CVSS v3.1 score: 10.0
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 4/23/2021
Last modified: 12/18/2025
Source: kev
Honeypot sightings: 0
CISA KEV
Vendor: Ivanti
Product: Pulse Connect Secure
Vulnerability name: Ivanti Pulse Connect Secure Use-After-Free Vulnerability
Date added to KEV: 2021-11-03
Remediation deadline: 2022-05-03
Ransomware use: Known
Affected products
ivanti:connect_secure
Weaknesses (CWE)
CWE-287, CWE-416
References
https://blog.pulsesecure.net/pulse-connect-secure-security-update/ (support@hackerone.com)
https://kb.cert.org/vuls/id/213092 (support@hackerone.com)
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/ (support@hackerone.com)
https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html (support@hackerone.com)
https://blog.pulsesecure.net/pulse-connect-secure-security-update/ (af854a3a-2127-422b-91ae-364da2661108)
https://kb.cert.org/vuls/id/213092 (af854a3a-2127-422b-91ae-364da2661108)
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html (af854a3a-2127-422b-91ae-364da2661108)
https://www.kb.cert.org/vuls/id/213092 (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22893 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.