Vulnerability Description
Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ivanti | Connect Secure | 9.0 |
Related Weaknesses (CWE)
References
- https://blog.pulsesecure.net/pulse-connect-secure-security-update/ (Vendor Advisory)
- https://kb.cert.org/vuls/id/213092 (Third Party Advisory, US Government Resource)
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/ (Broken Link, Vendor Advisory)
- https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-levera (Third Party Advisory)
- https://www.kb.cert.org/vuls/id/213092 (US Government Resource)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021- (US Government Resource)
FAQ
What is CVE-2021-22893?
CVE-2021-22893 is a vulnerability with a CVSS score of 10.0 (CRITICAL). Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect S...
How severe is CVE-2021-22893?
CVE-2021-22893 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-22893?
Check the references section above for vendor advisories and patch information. Affected products include: Ivanti Connect Secure.