cvelistv5 - CVE-2021-22893

CVE-2021-22893 (GCVE-0-2021-22893)

Vulnerability from cvelistv5 – Published: 2021-04-23 16:29 – Updated: 2025-10-21 23:25

CISA

Summary

Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.

Severity ?

10 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-287 - Improper Authentication - Generic (CWE-287)

Assigner

hackerone

References

URL

Tags

	https://kb.pulsesecure.net/articles/Pulse_Securit…	x_refsource_MISC
	https://blog.pulsesecure.net/pulse-connect-secure…	x_refsource_MISC
	https://www.fireeye.com/blog/threat-research/2021…	x_refsource_MISC
	https://kb.cert.org/vuls/id/213092	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Pulse Connect Secure	Affected: PCS 9.0R3 or above, PCS 9.1R1 and above

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Date added: 2021-11-03

Due date: 2021-04-23

Required action: Apply updates per vendor instructions.

Used in ransomware: Known

Notes: Reference CISA's ED 21-03 (https://www.cisa.gov/news-events/directives/ed-21-03-mitigate-pulse-connect-secure-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-03. https://nvd.nist.gov/vuln/detail/CVE-2021-22893

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:58:24.775Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.kb.cert.org/vuls/id/213092"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.pulsesecure.net/pulse-connect-secure-security-update/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.cert.org/vuls/id/213092"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 10,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-22893",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-23T21:35:28.790735Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2021-11-03",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22893"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:25:48.614Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22893"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2021-11-03T00:00:00+00:00",
            "value": "CVE-2021-22893 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Pulse Connect Secure",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "PCS 9.0R3 or above, PCS 9.1R1 and above"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "Improper Authentication - Generic (CWE-287)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-23T16:29:43.000Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.pulsesecure.net/pulse-connect-secure-security-update/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.cert.org/vuls/id/213092"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2021-22893",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Pulse Connect Secure",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "PCS 9.0R3 or above, PCS 9.1R1 and above"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Authentication - Generic (CWE-287)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/",
              "refsource": "MISC",
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/"
            },
            {
              "name": "https://blog.pulsesecure.net/pulse-connect-secure-security-update/",
              "refsource": "MISC",
              "url": "https://blog.pulsesecure.net/pulse-connect-secure-security-update/"
            },
            {
              "name": "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html",
              "refsource": "MISC",
              "url": "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html"
            },
            {
              "name": "https://kb.cert.org/vuls/id/213092",
              "refsource": "MISC",
              "url": "https://kb.cert.org/vuls/id/213092"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2021-22893",
    "datePublished": "2021-04-23T16:29:43.000Z",
    "dateReserved": "2021-01-06T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:25:48.614Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2021-22893",
      "cwes": "[\"CWE-287\"]",
      "dateAdded": "2021-11-03",
      "dueDate": "2021-04-23",
      "knownRansomwareCampaignUse": "Known",
      "notes": "Reference CISA\u0027s ED 21-03 (https://www.cisa.gov/news-events/directives/ed-21-03-mitigate-pulse-connect-secure-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-03. https://nvd.nist.gov/vuln/detail/CVE-2021-22893",
      "product": "Pulse Connect Secure",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Ivanti Pulse Connect Secure contains a use-after-free vulnerability that allow a remote, unauthenticated attacker to execute code via license services.",
      "vendorProject": "Ivanti",
      "vulnerabilityName": "Ivanti Pulse Connect Secure Use-After-Free Vulnerability"
    },
    "fkie_nvd": {
      "cisaActionDue": "2021-04-23",
      "cisaExploitAdd": "2021-11-03",
      "cisaRequiredAction": "Apply updates per vendor instructions.",
      "cisaVulnerabilityName": "Ivanti Pulse Connect Secure Use-After-Free Vulnerability",
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"3818B543-3415-4E27-8DAD-6BA9D3D9A1A5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.0:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"D47D09A8-4AC4-4CD9-B648-5F26453E2E1D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.0:r2:*:*:*:*:*:*\", \"matchCriteriaId\": \"59331DC5-FF5F-4BB3-905E-5A4A621F86ED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.0:r2.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"6A708C3F-9050-4475-95B3-4785D3E2CB69\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.0:r3:*:*:*:*:*:*\", \"matchCriteriaId\": \"52851AAA-88FB-40BC-B41A-B821F6BA9F79\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.0:r3.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"F05DC11E-7C41-450B-A2BF-603E9252BB40\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.0:r3.2:*:*:*:*:*:*\", \"matchCriteriaId\": \"5DA976D9-A330-475E-B8C0-09EF3E08F18D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.0:r3.3:*:*:*:*:*:*\", \"matchCriteriaId\": \"59F4A6F7-A6D4-4517-A316-7C7C002A9ED3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.0:r3.5:*:*:*:*:*:*\", \"matchCriteriaId\": \"702094B0-2E5C-4A16-A8B0-F0EAF78E4ECB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.0:r4:*:*:*:*:*:*\", \"matchCriteriaId\": \"A369AE09-17E4-4541-A8E1-A2F4A1398EE7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.0:r4.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"24EF2F1A-8140-4FDB-8AF4-309AFAF998E1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.0:r5.0:*:*:*:*:*:*\", \"matchCriteriaId\": \"4755BC2C-A96E-47AF-9D7C-E8D44B31F10B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.0:r6.0:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF6E8A0C-192B-4F51-86AA-FC2B85657632\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"4F450898-0B06-4073-9B76-BF22F68BD14F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B21C181-DC49-4EBD-9932-DBB337151FF7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r10.0:*:*:*:*:*:*\", \"matchCriteriaId\": \"5AA4B39F-2FB9-4752-B1F1-18812B0990B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r10.2:*:*:*:*:*:*\", \"matchCriteriaId\": \"232BAB6C-D318-4F80-8F49-4E700C21F535\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r11.0:*:*:*:*:*:*\", \"matchCriteriaId\": \"ABD840BF-944E-4F4C-96DC-0256286338F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r11.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"A1995F34-AE75-47C4-9A9D-DBB1D3E130E5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r11.3:*:*:*:*:*:*\", \"matchCriteriaId\": \"366EF5B8-0233-49B8-806A-E54F60410ADE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*\", \"matchCriteriaId\": \"4FEFC4B1-7350-46F9-80C1-42F5AE06142F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB7A6D62-6576-4713-9BF4-11068A72E8B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*\", \"matchCriteriaId\": \"843BC1B9-50CC-4F8F-A454-A0CEC6E92290\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5355372-03EA-46D7-9104-A2785C29B664\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*\", \"matchCriteriaId\": \"3DE32A0C-8944-4F51-A286-266055CA4B2F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*\", \"matchCriteriaId\": \"0349A0CC-A372-4E51-899E-D7BA67876F4B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*\", \"matchCriteriaId\": \"93D1A098-BD77-4A7B-9070-A764FB435981\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*\", \"matchCriteriaId\": \"3CCC2D7B-F835-45EC-A316-2F0C5F2CF565\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*\", \"matchCriteriaId\": \"AD812596-C77C-4129-982F-C22A25B52126\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:*\", \"matchCriteriaId\": \"9FA0B20D-3FA1-42AE-BDC5-93D8A182927C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r8.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"BFFA0B02-7F6D-4434-B1E7-EB8520FD68A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r8.2:*:*:*:*:*:*\", \"matchCriteriaId\": \"DFE8FA87-9622-4D5B-99C7-D8EE230C0AA9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r8.4:*:*:*:*:*:*\", \"matchCriteriaId\": \"07AB853D-5A3F-4142-8417-1C9FB729A89E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r9:*:*:*:*:*:*\", \"matchCriteriaId\": \"16DAA769-8F0D-4C54-A8D9-9902995605B0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r9.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"B2C10C89-1DBC-4E91-BD28-D5097B589CA9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:connect_secure:9.1:r9.2:*:*:*:*:*:*\", \"matchCriteriaId\": \"F54753D0-6275-4F82-B874-55438D2983B3\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.\"}, {\"lang\": \"es\", \"value\": \"Pulse Connect Secure versiones 9.0R3/9.1R1 y posteriores, es susceptible a una vulnerabilidad de omisi\\u00f3n de autenticaci\\u00f3n expuesta por las funciones de Windows File Share Browser y Pulse Secure Collaboration de Pulse Connect Secure, que pueden permitir a un usuario no autenticado llevar a cabo una ejecuci\\u00f3n de c\\u00f3digo remoto arbitrario en Pulse Connect Secure gateway.\u0026#xa0;Esta vulnerabilidad ha sido explotado en el wild\"}]",
      "id": "CVE-2021-22893",
      "lastModified": "2024-11-21T05:50:51.423",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 10.0, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 6.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-04-23T17:15:08.127",
      "references": "[{\"url\": \"https://blog.pulsesecure.net/pulse-connect-secure-security-update/\", \"source\": \"support@hackerone.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://kb.cert.org/vuls/id/213092\", \"source\": \"support@hackerone.com\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/\", \"source\": \"support@hackerone.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html\", \"source\": \"support@hackerone.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://blog.pulsesecure.net/pulse-connect-secure-security-update/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://kb.cert.org/vuls/id/213092\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/213092\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "support@hackerone.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"support@hackerone.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-416\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-22893\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2021-04-23T17:15:08.127\",\"lastModified\":\"2025-10-30T20:40:52.027\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.\"},{\"lang\":\"es\",\"value\":\"Pulse Connect Secure versiones 9.0R3/9.1R1 y posteriores, es susceptible a una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n expuesta por las funciones de Windows File Share Browser y Pulse Secure Collaboration de Pulse Connect Secure, que pueden permitir a un usuario no autenticado llevar a cabo una ejecuci\u00f3n de c\u00f3digo remoto arbitrario en Pulse Connect Secure gateway.\u0026#xa0;Esta vulnerabilidad ha sido explotado en el wild\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"cisaExploitAdd\":\"2021-11-03\",\"cisaActionDue\":\"2021-04-23\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Ivanti Pulse Connect Secure Use-After-Free Vulnerability\",\"weaknesses\":[{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"3818B543-3415-4E27-8DAD-6BA9D3D9A1A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.0:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D47D09A8-4AC4-4CD9-B648-5F26453E2E1D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.0:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"59331DC5-FF5F-4BB3-905E-5A4A621F86ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.0:r2.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A708C3F-9050-4475-95B3-4785D3E2CB69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.0:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"52851AAA-88FB-40BC-B41A-B821F6BA9F79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.0:r3.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F05DC11E-7C41-450B-A2BF-603E9252BB40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.0:r3.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DA976D9-A330-475E-B8C0-09EF3E08F18D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.0:r3.3:*:*:*:*:*:*\",\"matchCriteriaId\":\"59F4A6F7-A6D4-4517-A316-7C7C002A9ED3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.0:r3.5:*:*:*:*:*:*\",\"matchCriteriaId\":\"702094B0-2E5C-4A16-A8B0-F0EAF78E4ECB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.0:r4:*:*:*:*:*:*\",\"matchCriteriaId\":\"A369AE09-17E4-4541-A8E1-A2F4A1398EE7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.0:r4.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"24EF2F1A-8140-4FDB-8AF4-309AFAF998E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.0:r5.0:*:*:*:*:*:*\",\"matchCriteriaId\":\"4755BC2C-A96E-47AF-9D7C-E8D44B31F10B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.0:r6.0:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF6E8A0C-192B-4F51-86AA-FC2B85657632\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F450898-0B06-4073-9B76-BF22F68BD14F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B21C181-DC49-4EBD-9932-DBB337151FF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r10.0:*:*:*:*:*:*\",\"matchCriteriaId\":\"5AA4B39F-2FB9-4752-B1F1-18812B0990B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r10.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"232BAB6C-D318-4F80-8F49-4E700C21F535\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r11.0:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABD840BF-944E-4F4C-96DC-0256286338F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r11.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1995F34-AE75-47C4-9A9D-DBB1D3E130E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r11.3:*:*:*:*:*:*\",\"matchCriteriaId\":\"366EF5B8-0233-49B8-806A-E54F60410ADE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FEFC4B1-7350-46F9-80C1-42F5AE06142F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB7A6D62-6576-4713-9BF4-11068A72E8B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*\",\"matchCriteriaId\":\"843BC1B9-50CC-4F8F-A454-A0CEC6E92290\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5355372-03EA-46D7-9104-A2785C29B664\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DE32A0C-8944-4F51-A286-266055CA4B2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*\",\"matchCriteriaId\":\"0349A0CC-A372-4E51-899E-D7BA67876F4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*\",\"matchCriteriaId\":\"93D1A098-BD77-4A7B-9070-A764FB435981\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CCC2D7B-F835-45EC-A316-2F0C5F2CF565\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD812596-C77C-4129-982F-C22A25B52126\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FA0B20D-3FA1-42AE-BDC5-93D8A182927C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r8.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFFA0B02-7F6D-4434-B1E7-EB8520FD68A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r8.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFE8FA87-9622-4D5B-99C7-D8EE230C0AA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r8.4:*:*:*:*:*:*\",\"matchCriteriaId\":\"07AB853D-5A3F-4142-8417-1C9FB729A89E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r9:*:*:*:*:*:*\",\"matchCriteriaId\":\"16DAA769-8F0D-4C54-A8D9-9902995605B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r9.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2C10C89-1DBC-4E91-BD28-D5097B589CA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:connect_secure:9.1:r9.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"F54753D0-6275-4F82-B874-55438D2983B3\"}]}]}],\"references\":[{\"url\":\"https://blog.pulsesecure.net/pulse-connect-secure-security-update/\",\"source\":\"support@hackerone.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://kb.cert.org/vuls/id/213092\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/\",\"source\":\"support@hackerone.com\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://blog.pulsesecure.net/pulse-connect-secure-security-update/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://kb.cert.org/vuls/id/213092\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/213092\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22893\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"affected\": [{\"product\": \"Pulse Connect Secure\", \"vendor\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"PCS 9.0R3 or above, PCS 9.1R1 and above\"}]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.\"}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-287\", \"description\": \"Improper Authentication - Generic (CWE-287)\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"providerMetadata\": {\"dateUpdated\": \"2021-04-23T16:29:43.000Z\", \"orgId\": \"36234546-b8fa-4601-9d6f-f4e334aa8ea1\", \"shortName\": \"hackerone\"}, \"references\": [{\"tags\": [\"x_refsource_MISC\"], \"url\": \"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/\"}, {\"tags\": [\"x_refsource_MISC\"], \"url\": \"https://blog.pulsesecure.net/pulse-connect-secure-security-update/\"}, {\"tags\": [\"x_refsource_MISC\"], \"url\": \"https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html\"}, {\"tags\": [\"x_refsource_MISC\"], \"url\": \"https://kb.cert.org/vuls/id/213092\"}], \"x_legacyV4Record\": {\"CVE_data_meta\": {\"ASSIGNER\": \"support@hackerone.com\", \"ID\": \"CVE-2021-22893\", \"STATE\": \"PUBLIC\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"product_name\": \"Pulse Connect Secure\", \"version\": {\"version_data\": [{\"version_value\": \"PCS 9.0R3 or above, PCS 9.1R1 and above\"}]}}]}, \"vendor_name\": \"n/a\"}]}}, \"data_format\": \"MITRE\", \"data_type\": \"CVE\", \"data_version\": \"4.0\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Improper Authentication - Generic (CWE-287)\"}]}]}, \"references\": {\"reference_data\": [{\"name\": \"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/\", \"refsource\": \"MISC\", \"url\": \"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/\"}, {\"name\": \"https://blog.pulsesecure.net/pulse-connect-secure-security-update/\", \"refsource\": \"MISC\", \"url\": \"https://blog.pulsesecure.net/pulse-connect-secure-security-update/\"}, {\"name\": \"https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html\", \"refsource\": \"MISC\", \"url\": \"https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html\"}, {\"name\": \"https://kb.cert.org/vuls/id/213092\", \"refsource\": \"MISC\", \"url\": \"https://kb.cert.org/vuls/id/213092\"}]}}}, \"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.kb.cert.org/vuls/id/213092\"}, {\"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/\"}, {\"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"https://blog.pulsesecure.net/pulse-connect-secure-security-update/\"}, {\"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html\"}, {\"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"https://kb.cert.org/vuls/id/213092\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T18:58:24.775Z\"}}, {\"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 10, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-22893\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-01-23T21:35:28.790735Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2021-11-03\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22893\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-04T19:11:54.890Z\"}, \"timeline\": [{\"time\": \"2021-11-03T00:00:00+00:00\", \"lang\": \"en\", \"value\": \"CVE-2021-22893 added to CISA KEV\"}], \"title\": \"CISA ADP Vulnrichment\"}]}",
      "cveMetadata": "{\"assignerOrgId\": \"36234546-b8fa-4601-9d6f-f4e334aa8ea1\", \"assignerShortName\": \"hackerone\", \"cveId\": \"CVE-2021-22893\", \"datePublished\": \"2021-04-23T16:29:43.000Z\", \"dateReserved\": \"2021-01-06T00:00:00.000Z\", \"dateUpdated\": \"2025-10-21T18:50:00.603Z\", \"state\": \"PUBLISHED\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CNVD-2021-36853

Vulnerability from cnvd - Published: 2021-05-25

Title

Pulse Secure Pulse Connect Secure身份验证绕过漏洞

Description

Pulse Secure Pulse Connect Secure（又名PCS，前称Juniper Junos Pulse）是美国Pulse Secure公司的一套SSL VPN解决方案。 Pulse Connect Secure 存在身份验证绕过漏洞，攻击者可利用该漏洞在Pulse Connect Secure上执行任意代码。

Severity

高

Patch Name

Pulse Secure Pulse Connect Secure身份验证绕过漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-22893

Impacted products

Name
['Pulse Secure Pulse Connect Secure >=9.0R3', 'Pulse Secure Pulse Connect Secure >=9.1R1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-22893"
    }
  },
  "description": "Pulse Secure Pulse Connect Secure\uff08\u53c8\u540dPCS\uff0c\u524d\u79f0Juniper Junos Pulse\uff09\u662f\u7f8e\u56fdPulse Secure\u516c\u53f8\u7684\u4e00\u5957SSL VPN\u89e3\u51b3\u65b9\u6848\u3002\n\nPulse Connect Secure \u5b58\u5728\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728Pulse Connect Secure\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-36853",
  "openTime": "2021-05-25",
  "patchDescription": "Pulse Secure Pulse Connect Secure\uff08\u53c8\u540dPCS\uff0c\u524d\u79f0Juniper Junos Pulse\uff09\u662f\u7f8e\u56fdPulse Secure\u516c\u53f8\u7684\u4e00\u5957SSL VPN\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nPulse Connect Secure \u5b58\u5728\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728Pulse Connect Secure\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Pulse Secure Pulse Connect Secure\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Pulse Secure Pulse Connect Secure \u003e=9.0R3",
      "Pulse Secure Pulse Connect Secure \u003e=9.1R1"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-22893",
  "serverity": "\u9ad8",
  "submitTime": "2021-04-21",
  "title": "Pulse Secure Pulse Connect Secure\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e"
}

CERTFR-2021-ALE-007

Vulnerability from certfr_alerte - Published: - Updated:

[version du 3 mai 2021]

L'éditeur a publié le correctif pour la vulnérabilité CVE-2021-22893, ainsi que les vulnérabilités CVE-2021-22894, CVE-2021-22899 et CVE-2021-22900 avec un score CVSSv3 respectivement de 9.9, 9.9 et 7.2.

Si des mesures de contournement ont été appliquées, elles doivent être retirées en important le fichier remove-workaround-2104.xml, et les paramètres "Files, Windows" et "Meetings" doivent être restaurés avant l'application du correctif (cf. bulletin de sécurité de l'éditeur).

[version du 20 avril 2021]

Le 20 avril 2021, Pulse Secure a publié un bulletin de sécurité concernant la vulnérabilité CVE-2021-22893 (cf. section Documentation). Celle-ci permet à un attaquant non authentifié d'exécuter du code arbitraire à distance. Aucun correctif n'est pour l’instant disponible.

Le même jour, FireEye a publié un billet de blogue (cf. section Documentation) expliquant que cette vulnérabilité est activement exploitée dans le cadre d'attaques ciblées. Au cours d'une exploitation, les attaquants modifient certains fichiers pour déposer des portes dérobées et effacer leurs traces.

Pulse Secure a publié un outil qui tente de détecter ces modifications (cf. section Documentation).

Contournement provisoire

Dans l'attente de la publication du correctif (début mai selon FireEye), Pulse Secure a mis à disposition une mesure de contournement. La procédure est décrite dans son bulletin de sécurité.

Pulse Secure indique que sa mesure de contournement ne fonctionne pas pour les versions 9.0R1 à 9.0R4.1 et 9.1R1 à 9.1R2. Il convient alors de préalablement mettre l'équipement à jour vers une version compatible avec cette mesure de contournement.

Pour mettre en place la mesure de contournement, il faut télécharger et importer le fichier Workaround-2104.xml. Il faut également vérifier que le Windows File Browser est désactivé pour chaque utilisateur. La mesure de contournement repose sur une liste noire d'URLs considérées comme caractéristiques d'une attaque.

Pulse Secure précise que la mesure de contournement désactive Pulse Collaboration et peut affecter un éventuel répartiteur de charge s'il est placé devant l'équipement.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	N/A	N/A	Pulse Connect Secure versions 9.1RX
	N/A	N/A	Pulse Connect Secure versions 9.0R3 et ultérieures

References

Title

Publication Time

Tags

Billet de blogue FireEye du 20 avril 2021	-	other
Outil de vérification d'intégrité Pulse Secure	-	other
Bulletin de sécurité Pulse Secure SA44784 du 20 avril 2021	-	other
Avis CERT-FR CERTFR-2021-AVI-335 du 03 mai 2021	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Pulse Connect Secure versions 9.1RX",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Pulse Connect Secure versions 9.0R3 et ult\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "closed_at": "2021-06-21",
  "content": "## Contournement provisoire\n\nDans l\u0027attente de la publication du correctif (d\u00e9but mai selon FireEye),\nPulse Secure a mis \u00e0 disposition une mesure de contournement. La\nproc\u00e9dure est d\u00e9crite dans son bulletin de s\u00e9curit\u00e9.\n\nPulse Secure indique que sa mesure de contournement ne fonctionne pas\npour les versions\u00a09.0R1 \u00e0 9.0R4.1 et 9.1R1 \u00e0 9.1R2. Il convient alors de\npr\u00e9alablement mettre l\u0027\u00e9quipement \u00e0 jour vers une version compatible\navec cette mesure de contournement.\n\nPour mettre en place la mesure de contournement, il faut t\u00e9l\u00e9charger et\nimporter le fichier\u00a0Workaround-2104.xml. Il faut \u00e9galement v\u00e9rifier que\nle Windows File Browser est d\u00e9sactiv\u00e9 pour chaque utilisateur. La mesure\nde contournement repose sur une liste noire d\u0027URLs consid\u00e9r\u00e9es comme\ncaract\u00e9ristiques d\u0027une attaque.\n\nPulse Secure pr\u00e9cise que la mesure de contournement d\u00e9sactive\u00a0Pulse\nCollaboration et peut affecter un \u00e9ventuel r\u00e9partiteur de charge s\u0027il\nest plac\u00e9 devant l\u0027\u00e9quipement.\n\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\u00a0\n",
  "cves": [
    {
      "name": "CVE-2021-22893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22893"
    },
    {
      "name": "CVE-2021-22894",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22894"
    },
    {
      "name": "CVE-2021-22899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22899"
    },
    {
      "name": "CVE-2021-22900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22900"
    }
  ],
  "links": [
    {
      "title": "Billet de blogue FireEye du 20 avril 2021",
      "url": "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html"
    },
    {
      "title": "Outil de v\u00e9rification d\u0027int\u00e9grit\u00e9 Pulse Secure",
      "url": "https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44755"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Pulse Secure SA44784 du 20 avril 2021",
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/"
    },
    {
      "title": "Avis CERT-FR CERTFR-2021-AVI-335 du 03 mai 2021",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2021-AVI-335/"
    }
  ],
  "reference": "CERTFR-2021-ALE-007",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-04-20T00:00:00.000000"
    },
    {
      "description": "Ajout de l\u0027avis CERT-FR CERTFR-2021-AVI-335 et disponibilit\u00e9 du correctif.",
      "revision_date": "2021-05-03T00:00:00.000000"
    },
    {
      "description": "correction du lien CERT-FR",
      "revision_date": "2021-05-03T00:00:00.000000"
    },
    {
      "description": "Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
      "revision_date": "2021-06-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "\u003cstrong\u003e\\[version du 3 mai 2021\\]\u003c/strong\u003e\n\nL\u0027\u00e9diteur a publi\u00e9 le correctif pour la vuln\u00e9rabilit\u00e9 CVE-2021-22893,\nainsi que les vuln\u00e9rabilit\u00e9s CVE-2021-22894, CVE-2021-22899 et\nCVE-2021-22900 avec un score CVSSv3 respectivement de 9.9, 9.9 et 7.2.\n\nSi des mesures de contournement ont \u00e9t\u00e9 appliqu\u00e9es, elles doivent \u00eatre\nretir\u00e9es en important le fichier remove-workaround-2104.xml, et les\nparam\u00e8tres\u00a0\u003cspan id=\"j_id0:j_id1:j_id954\"\u003e\u003cspan\nid=\"j_id0:j_id1:j_id954:j_id955:j_id978\"\u003e\u003cspan\nid=\"j_id0:j_id1:j_id954:j_id955:j_id978:j_id979:j_id986\"\u003e\u003cspan\nid=\"j_id0:j_id1:j_id954:j_id955:j_id978:j_id979:j_id986:j_id987:j_id1230:j_id1232:3:j_id1233:j_id1234\"\u003e\"Files,\nWindows\" et \"Meetings\"\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e doivent \u00eatre\nrestaur\u00e9s avant l\u0027application du correctif (cf. bulletin de s\u00e9curit\u00e9 de\nl\u0027\u00e9diteur).\n\n\u003cstrong\u003e\\[version du 20 avril 2021\\]\u003c/strong\u003e\n\nLe 20 avril 2021, Pulse Secure a publi\u00e9 un bulletin de s\u00e9curit\u00e9\nconcernant la vuln\u00e9rabilit\u00e9\u00a0CVE-2021-22893 (cf. section Documentation).\nCelle-ci permet \u00e0 un attaquant non authentifi\u00e9 d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance. Aucun correctif n\u0027est pour l\u2019instant disponible.\n\nLe m\u00eame jour, FireEye a publi\u00e9 un billet de blogue\u00a0(cf. section\nDocumentation) expliquant que cette vuln\u00e9rabilit\u00e9 est activement\nexploit\u00e9e dans le cadre d\u0027attaques cibl\u00e9es. Au cours d\u0027une exploitation,\nles attaquants modifient certains fichiers pour d\u00e9poser des portes\nd\u00e9rob\u00e9es et effacer leurs traces.\n\nPulse Secure a publi\u00e9 un outil qui tente de d\u00e9tecter ces\nmodifications\u00a0(cf. section Documentation).\n\n\u00a0\n",
  "title": "[M\u00e0J] Vuln\u00e9rabilit\u00e9 dans Pulse Connect Secure",
  "vendor_advisories": []
}

CERTFR-2021-ALE-007

Vulnerability from certfr_alerte - Published: - Updated:

[version du 3 mai 2021]

[version du 20 avril 2021]

Pulse Secure a publié un outil qui tente de détecter ces modifications (cf. section Documentation).

Contournement provisoire

Dans l'attente de la publication du correctif (début mai selon FireEye), Pulse Secure a mis à disposition une mesure de contournement. La procédure est décrite dans son bulletin de sécurité.

Pulse Secure précise que la mesure de contournement désactive Pulse Collaboration et peut affecter un éventuel répartiteur de charge s'il est placé devant l'équipement.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	N/A	N/A	Pulse Connect Secure versions 9.1RX
	N/A	N/A	Pulse Connect Secure versions 9.0R3 et ultérieures

References

Title

Publication Time

Tags

Billet de blogue FireEye du 20 avril 2021	-	other
Outil de vérification d'intégrité Pulse Secure	-	other
Bulletin de sécurité Pulse Secure SA44784 du 20 avril 2021	-	other
Avis CERT-FR CERTFR-2021-AVI-335 du 03 mai 2021	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Pulse Connect Secure versions 9.1RX",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Pulse Connect Secure versions 9.0R3 et ult\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "closed_at": "2021-06-21",
  "content": "## Contournement provisoire\n\nDans l\u0027attente de la publication du correctif (d\u00e9but mai selon FireEye),\nPulse Secure a mis \u00e0 disposition une mesure de contournement. La\nproc\u00e9dure est d\u00e9crite dans son bulletin de s\u00e9curit\u00e9.\n\nPulse Secure indique que sa mesure de contournement ne fonctionne pas\npour les versions\u00a09.0R1 \u00e0 9.0R4.1 et 9.1R1 \u00e0 9.1R2. Il convient alors de\npr\u00e9alablement mettre l\u0027\u00e9quipement \u00e0 jour vers une version compatible\navec cette mesure de contournement.\n\nPour mettre en place la mesure de contournement, il faut t\u00e9l\u00e9charger et\nimporter le fichier\u00a0Workaround-2104.xml. Il faut \u00e9galement v\u00e9rifier que\nle Windows File Browser est d\u00e9sactiv\u00e9 pour chaque utilisateur. La mesure\nde contournement repose sur une liste noire d\u0027URLs consid\u00e9r\u00e9es comme\ncaract\u00e9ristiques d\u0027une attaque.\n\nPulse Secure pr\u00e9cise que la mesure de contournement d\u00e9sactive\u00a0Pulse\nCollaboration et peut affecter un \u00e9ventuel r\u00e9partiteur de charge s\u0027il\nest plac\u00e9 devant l\u0027\u00e9quipement.\n\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\u00a0\n",
  "cves": [
    {
      "name": "CVE-2021-22893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22893"
    },
    {
      "name": "CVE-2021-22894",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22894"
    },
    {
      "name": "CVE-2021-22899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22899"
    },
    {
      "name": "CVE-2021-22900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22900"
    }
  ],
  "links": [
    {
      "title": "Billet de blogue FireEye du 20 avril 2021",
      "url": "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html"
    },
    {
      "title": "Outil de v\u00e9rification d\u0027int\u00e9grit\u00e9 Pulse Secure",
      "url": "https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44755"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Pulse Secure SA44784 du 20 avril 2021",
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/"
    },
    {
      "title": "Avis CERT-FR CERTFR-2021-AVI-335 du 03 mai 2021",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2021-AVI-335/"
    }
  ],
  "reference": "CERTFR-2021-ALE-007",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-04-20T00:00:00.000000"
    },
    {
      "description": "Ajout de l\u0027avis CERT-FR CERTFR-2021-AVI-335 et disponibilit\u00e9 du correctif.",
      "revision_date": "2021-05-03T00:00:00.000000"
    },
    {
      "description": "correction du lien CERT-FR",
      "revision_date": "2021-05-03T00:00:00.000000"
    },
    {
      "description": "Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
      "revision_date": "2021-06-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "\u003cstrong\u003e\\[version du 3 mai 2021\\]\u003c/strong\u003e\n\nL\u0027\u00e9diteur a publi\u00e9 le correctif pour la vuln\u00e9rabilit\u00e9 CVE-2021-22893,\nainsi que les vuln\u00e9rabilit\u00e9s CVE-2021-22894, CVE-2021-22899 et\nCVE-2021-22900 avec un score CVSSv3 respectivement de 9.9, 9.9 et 7.2.\n\nSi des mesures de contournement ont \u00e9t\u00e9 appliqu\u00e9es, elles doivent \u00eatre\nretir\u00e9es en important le fichier remove-workaround-2104.xml, et les\nparam\u00e8tres\u00a0\u003cspan id=\"j_id0:j_id1:j_id954\"\u003e\u003cspan\nid=\"j_id0:j_id1:j_id954:j_id955:j_id978\"\u003e\u003cspan\nid=\"j_id0:j_id1:j_id954:j_id955:j_id978:j_id979:j_id986\"\u003e\u003cspan\nid=\"j_id0:j_id1:j_id954:j_id955:j_id978:j_id979:j_id986:j_id987:j_id1230:j_id1232:3:j_id1233:j_id1234\"\u003e\"Files,\nWindows\" et \"Meetings\"\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e doivent \u00eatre\nrestaur\u00e9s avant l\u0027application du correctif (cf. bulletin de s\u00e9curit\u00e9 de\nl\u0027\u00e9diteur).\n\n\u003cstrong\u003e\\[version du 20 avril 2021\\]\u003c/strong\u003e\n\nLe 20 avril 2021, Pulse Secure a publi\u00e9 un bulletin de s\u00e9curit\u00e9\nconcernant la vuln\u00e9rabilit\u00e9\u00a0CVE-2021-22893 (cf. section Documentation).\nCelle-ci permet \u00e0 un attaquant non authentifi\u00e9 d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance. Aucun correctif n\u0027est pour l\u2019instant disponible.\n\nLe m\u00eame jour, FireEye a publi\u00e9 un billet de blogue\u00a0(cf. section\nDocumentation) expliquant que cette vuln\u00e9rabilit\u00e9 est activement\nexploit\u00e9e dans le cadre d\u0027attaques cibl\u00e9es. Au cours d\u0027une exploitation,\nles attaquants modifient certains fichiers pour d\u00e9poser des portes\nd\u00e9rob\u00e9es et effacer leurs traces.\n\nPulse Secure a publi\u00e9 un outil qui tente de d\u00e9tecter ces\nmodifications\u00a0(cf. section Documentation).\n\n\u00a0\n",
  "title": "[M\u00e0J] Vuln\u00e9rabilit\u00e9 dans Pulse Connect Secure",
  "vendor_advisories": []
}

GSD-2021-22893

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-22893

Aliases

CVE-2021-22893

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-22893",
    "description": "Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.",
    "id": "GSD-2021-22893"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-22893"
      ],
      "details": "Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.",
      "id": "GSD-2021-22893",
      "modified": "2023-12-13T01:23:24.316121Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cisa.gov": {
      "cveID": "CVE-2021-22893",
      "dateAdded": "2021-11-03",
      "dueDate": "2021-04-23",
      "product": "Pulse Connect Secure",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Vulnerability to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway.",
      "vendorProject": "Pulse Secure",
      "vulnerabilityName": "Pulse Connect Secure Remote Code Execution Vulnerability"
    },
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "support@hackerone.com",
        "ID": "CVE-2021-22893",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Pulse Connect Secure",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "PCS 9.0R3 or above, PCS 9.1R1 and above"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Improper Authentication - Generic (CWE-287)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/",
            "refsource": "MISC",
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/"
          },
          {
            "name": "https://blog.pulsesecure.net/pulse-connect-secure-security-update/",
            "refsource": "MISC",
            "url": "https://blog.pulsesecure.net/pulse-connect-secure-security-update/"
          },
          {
            "name": "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html",
            "refsource": "MISC",
            "url": "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html"
          },
          {
            "name": "https://kb.cert.org/vuls/id/213092",
            "refsource": "MISC",
            "url": "https://kb.cert.org/vuls/id/213092"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "cisaActionDue": "2021-04-23",
        "cisaExploitAdd": "2021-11-03",
        "cisaRequiredAction": "Apply updates per vendor instructions.",
        "cisaVulnerabilityName": "Ivanti Pulse Connect Secure Use-After-Free Vulnerability",
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:-:*:*:*:*:*:*",
                    "matchCriteriaId": "3818B543-3415-4E27-8DAD-6BA9D3D9A1A5",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r1:*:*:*:*:*:*",
                    "matchCriteriaId": "D47D09A8-4AC4-4CD9-B648-5F26453E2E1D",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r2:*:*:*:*:*:*",
                    "matchCriteriaId": "59331DC5-FF5F-4BB3-905E-5A4A621F86ED",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r2.1:*:*:*:*:*:*",
                    "matchCriteriaId": "6A708C3F-9050-4475-95B3-4785D3E2CB69",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r3:*:*:*:*:*:*",
                    "matchCriteriaId": "52851AAA-88FB-40BC-B41A-B821F6BA9F79",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r3.1:*:*:*:*:*:*",
                    "matchCriteriaId": "F05DC11E-7C41-450B-A2BF-603E9252BB40",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r3.2:*:*:*:*:*:*",
                    "matchCriteriaId": "5DA976D9-A330-475E-B8C0-09EF3E08F18D",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r3.3:*:*:*:*:*:*",
                    "matchCriteriaId": "59F4A6F7-A6D4-4517-A316-7C7C002A9ED3",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r3.5:*:*:*:*:*:*",
                    "matchCriteriaId": "702094B0-2E5C-4A16-A8B0-F0EAF78E4ECB",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r4:*:*:*:*:*:*",
                    "matchCriteriaId": "A369AE09-17E4-4541-A8E1-A2F4A1398EE7",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r4.1:*:*:*:*:*:*",
                    "matchCriteriaId": "24EF2F1A-8140-4FDB-8AF4-309AFAF998E1",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r5.0:*:*:*:*:*:*",
                    "matchCriteriaId": "4755BC2C-A96E-47AF-9D7C-E8D44B31F10B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r6.0:*:*:*:*:*:*",
                    "matchCriteriaId": "BF6E8A0C-192B-4F51-86AA-FC2B85657632",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:-:*:*:*:*:*:*",
                    "matchCriteriaId": "4F450898-0B06-4073-9B76-BF22F68BD14F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*",
                    "matchCriteriaId": "4B21C181-DC49-4EBD-9932-DBB337151FF7",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r10.0:*:*:*:*:*:*",
                    "matchCriteriaId": "5AA4B39F-2FB9-4752-B1F1-18812B0990B4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r10.2:*:*:*:*:*:*",
                    "matchCriteriaId": "232BAB6C-D318-4F80-8F49-4E700C21F535",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.0:*:*:*:*:*:*",
                    "matchCriteriaId": "ABD840BF-944E-4F4C-96DC-0256286338F6",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.1:*:*:*:*:*:*",
                    "matchCriteriaId": "A1995F34-AE75-47C4-9A9D-DBB1D3E130E5",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.3:*:*:*:*:*:*",
                    "matchCriteriaId": "366EF5B8-0233-49B8-806A-E54F60410ADE",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*",
                    "matchCriteriaId": "4FEFC4B1-7350-46F9-80C1-42F5AE06142F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*",
                    "matchCriteriaId": "DB7A6D62-6576-4713-9BF4-11068A72E8B7",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*",
                    "matchCriteriaId": "843BC1B9-50CC-4F8F-A454-A0CEC6E92290",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*",
                    "matchCriteriaId": "D5355372-03EA-46D7-9104-A2785C29B664",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*",
                    "matchCriteriaId": "3DE32A0C-8944-4F51-A286-266055CA4B2F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*",
                    "matchCriteriaId": "0349A0CC-A372-4E51-899E-D7BA67876F4B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*",
                    "matchCriteriaId": "93D1A098-BD77-4A7B-9070-A764FB435981",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*",
                    "matchCriteriaId": "3CCC2D7B-F835-45EC-A316-2F0C5F2CF565",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*",
                    "matchCriteriaId": "AD812596-C77C-4129-982F-C22A25B52126",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:*",
                    "matchCriteriaId": "9FA0B20D-3FA1-42AE-BDC5-93D8A182927C",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8.1:*:*:*:*:*:*",
                    "matchCriteriaId": "BFFA0B02-7F6D-4434-B1E7-EB8520FD68A0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8.2:*:*:*:*:*:*",
                    "matchCriteriaId": "DFE8FA87-9622-4D5B-99C7-D8EE230C0AA9",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8.4:*:*:*:*:*:*",
                    "matchCriteriaId": "07AB853D-5A3F-4142-8417-1C9FB729A89E",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r9:*:*:*:*:*:*",
                    "matchCriteriaId": "16DAA769-8F0D-4C54-A8D9-9902995605B0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r9.1:*:*:*:*:*:*",
                    "matchCriteriaId": "B2C10C89-1DBC-4E91-BD28-D5097B589CA9",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r9.2:*:*:*:*:*:*",
                    "matchCriteriaId": "F54753D0-6275-4F82-B874-55438D2983B3",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild."
          },
          {
            "lang": "es",
            "value": "Pulse Connect Secure versiones 9.0R3/9.1R1 y posteriores, es susceptible a una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n expuesta por las funciones de Windows File Share Browser y Pulse Secure Collaboration de Pulse Connect Secure, que pueden permitir a un usuario no autenticado llevar a cabo una ejecuci\u00f3n de c\u00f3digo remoto arbitrario en Pulse Connect Secure gateway.\u0026#xa0;Esta vulnerabilidad ha sido explotado en el wild"
          }
        ],
        "id": "CVE-2021-22893",
        "lastModified": "2024-02-27T21:04:17.560",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "HIGH",
              "cvssData": {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "integrityImpact": "PARTIAL",
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              "exploitabilityScore": 10.0,
              "impactScore": 6.4,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": false
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10.0,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 6.0,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2021-04-23T17:15:08.127",
        "references": [
          {
            "source": "support@hackerone.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://blog.pulsesecure.net/pulse-connect-secure-security-update/"
          },
          {
            "source": "support@hackerone.com",
            "tags": [
              "Third Party Advisory",
              "US Government Resource"
            ],
            "url": "https://kb.cert.org/vuls/id/213092"
          },
          {
            "source": "support@hackerone.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/"
          },
          {
            "source": "support@hackerone.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html"
          }
        ],
        "sourceIdentifier": "support@hackerone.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-416"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-287"
              }
            ],
            "source": "support@hackerone.com",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

GHSA-HCXW-PRP6-Q3JQ

Vulnerability from github – Published: 2022-05-24 17:48 – Updated: 2025-10-22 00:32

Details

Severity ?

10.0 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-22893"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-23T17:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.",
  "id": "GHSA-hcxw-prp6-q3jq",
  "modified": "2025-10-22T00:32:07Z",
  "published": "2022-05-24T17:48:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22893"
    },
    {
      "type": "WEB",
      "url": "https://blog.pulsesecure.net/pulse-connect-secure-security-update"
    },
    {
      "type": "WEB",
      "url": "https://kb.cert.org/vuls/id/213092"
    },
    {
      "type": "WEB",
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22893"
    },
    {
      "type": "WEB",
      "url": "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/213092"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2021-AVI-335

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Pulse Connect Secure. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Pulse Connect Secure versions 9.0RX et 9.1RX antérieures à 9.1R11.4

Note : Si des mesures de contournement ont été appliquées, elles doivent être retirées en important le fichier remove-workaround-2104.xml, et les paramètres "Files, Windows" et "Meetings" doivent être restaurés avant l'application du correctif (cf. bulletin de sécurité de l'éditeur).

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Pulse Secure SA44784 du 20 avril 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003ePulse Connect Secure versions 9.0RX et 9.1RX ant\u00e9rieures \u00e0 9.1R11.4\u003c/li\u003e \u003c/ul\u003e \u003cp\u003e\u003cstrong\u003eNote\u003c/strong\u003e : Si des mesures de contournement ont \u00e9t\u00e9 appliqu\u00e9es, elles doivent \u00eatre retir\u00e9es en important le fichier remove-workaround-2104.xml, et les param\u00e8tres\u00a0\u003cspan id=\"j_id0:j_id1:j_id954\"\u003e\u003cspan id=\"j_id0:j_id1:j_id954:j_id955:j_id978\"\u003e\u003cspan id=\"j_id0:j_id1:j_id954:j_id955:j_id978:j_id979:j_id986\"\u003e\u003cspan id=\"j_id0:j_id1:j_id954:j_id955:j_id978:j_id979:j_id986:j_id987:j_id1230:j_id1232:3:j_id1233:j_id1234\"\u003e\"Files, Windows\" et \"Meetings\"\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e doivent \u00eatre restaur\u00e9s avant l\u0027application du correctif (cf. bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur).\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-22894",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22894"
    },
    {
      "name": "CVE-2021-22893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22893"
    },
    {
      "name": "CVE-2021-22900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22900"
    },
    {
      "name": "CVE-2021-22899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22899"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-335",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-05-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Pulse Connect\nSecure. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Pulse Connect Secure",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Pulse Secure SA44784 du 20 avril 2021",
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/"
    }
  ]
}

CERTFR-2021-AVI-335

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Pulse Connect Secure versions 9.0RX et 9.1RX antérieures à 9.1R11.4

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Pulse Secure SA44784 du 20 avril 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003ePulse Connect Secure versions 9.0RX et 9.1RX ant\u00e9rieures \u00e0 9.1R11.4\u003c/li\u003e \u003c/ul\u003e \u003cp\u003e\u003cstrong\u003eNote\u003c/strong\u003e : Si des mesures de contournement ont \u00e9t\u00e9 appliqu\u00e9es, elles doivent \u00eatre retir\u00e9es en important le fichier remove-workaround-2104.xml, et les param\u00e8tres\u00a0\u003cspan id=\"j_id0:j_id1:j_id954\"\u003e\u003cspan id=\"j_id0:j_id1:j_id954:j_id955:j_id978\"\u003e\u003cspan id=\"j_id0:j_id1:j_id954:j_id955:j_id978:j_id979:j_id986\"\u003e\u003cspan id=\"j_id0:j_id1:j_id954:j_id955:j_id978:j_id979:j_id986:j_id987:j_id1230:j_id1232:3:j_id1233:j_id1234\"\u003e\"Files, Windows\" et \"Meetings\"\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e doivent \u00eatre restaur\u00e9s avant l\u0027application du correctif (cf. bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur).\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-22894",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22894"
    },
    {
      "name": "CVE-2021-22893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22893"
    },
    {
      "name": "CVE-2021-22900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22900"
    },
    {
      "name": "CVE-2021-22899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22899"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-335",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-05-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Pulse Connect\nSecure. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Pulse Connect Secure",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Pulse Secure SA44784 du 20 avril 2021",
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/"
    }
  ]
}

FKIE_CVE-2021-22893

Vulnerability from fkie_nvd - Published: 2021-04-23 17:15 - Updated: 2025-10-30 20:40

Severity ?

10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Summary

References

URL	Tags
support@hackerone.com	https://blog.pulsesecure.net/pulse-connect-secure-security-update/	Vendor Advisory
support@hackerone.com	https://kb.cert.org/vuls/id/213092	Third Party Advisory, US Government Resource
support@hackerone.com	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/	Broken Link, Vendor Advisory
support@hackerone.com	https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://blog.pulsesecure.net/pulse-connect-secure-security-update/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://kb.cert.org/vuls/id/213092	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/213092	US Government Resource
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22893	US Government Resource

Impacted products

Vendor	Product	Version
ivanti	connect_secure	9.0
ivanti	connect_secure	9.0
ivanti	connect_secure	9.0
ivanti	connect_secure	9.0
ivanti	connect_secure	9.0
ivanti	connect_secure	9.0
ivanti	connect_secure	9.0
ivanti	connect_secure	9.0
ivanti	connect_secure	9.0
ivanti	connect_secure	9.0
ivanti	connect_secure	9.0
ivanti	connect_secure	9.0
ivanti	connect_secure	9.0
ivanti	connect_secure	9.1
ivanti	connect_secure	9.1
ivanti	connect_secure	9.1
ivanti	connect_secure	9.1
ivanti	connect_secure	9.1
ivanti	connect_secure	9.1
ivanti	connect_secure	9.1
ivanti	connect_secure	9.1
ivanti	connect_secure	9.1
ivanti	connect_secure	9.1
ivanti	connect_secure	9.1
ivanti	connect_secure	9.1
ivanti	connect_secure	9.1
ivanti	connect_secure	9.1
ivanti	connect_secure	9.1
ivanti	connect_secure	9.1
ivanti	connect_secure	9.1
ivanti	connect_secure	9.1
ivanti	connect_secure	9.1
ivanti	connect_secure	9.1
ivanti	connect_secure	9.1
ivanti	connect_secure	9.1
ivanti	connect_secure	9.1

JSON

To clipboard

{
  "cisaActionDue": "2021-04-23",
  "cisaExploitAdd": "2021-11-03",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Ivanti Pulse Connect Secure Use-After-Free Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "3818B543-3415-4E27-8DAD-6BA9D3D9A1A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r1:*:*:*:*:*:*",
              "matchCriteriaId": "D47D09A8-4AC4-4CD9-B648-5F26453E2E1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r2:*:*:*:*:*:*",
              "matchCriteriaId": "59331DC5-FF5F-4BB3-905E-5A4A621F86ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r2.1:*:*:*:*:*:*",
              "matchCriteriaId": "6A708C3F-9050-4475-95B3-4785D3E2CB69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r3:*:*:*:*:*:*",
              "matchCriteriaId": "52851AAA-88FB-40BC-B41A-B821F6BA9F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r3.1:*:*:*:*:*:*",
              "matchCriteriaId": "F05DC11E-7C41-450B-A2BF-603E9252BB40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r3.2:*:*:*:*:*:*",
              "matchCriteriaId": "5DA976D9-A330-475E-B8C0-09EF3E08F18D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r3.3:*:*:*:*:*:*",
              "matchCriteriaId": "59F4A6F7-A6D4-4517-A316-7C7C002A9ED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r3.5:*:*:*:*:*:*",
              "matchCriteriaId": "702094B0-2E5C-4A16-A8B0-F0EAF78E4ECB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r4:*:*:*:*:*:*",
              "matchCriteriaId": "A369AE09-17E4-4541-A8E1-A2F4A1398EE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r4.1:*:*:*:*:*:*",
              "matchCriteriaId": "24EF2F1A-8140-4FDB-8AF4-309AFAF998E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r5.0:*:*:*:*:*:*",
              "matchCriteriaId": "4755BC2C-A96E-47AF-9D7C-E8D44B31F10B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r6.0:*:*:*:*:*:*",
              "matchCriteriaId": "BF6E8A0C-192B-4F51-86AA-FC2B85657632",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "4F450898-0B06-4073-9B76-BF22F68BD14F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*",
              "matchCriteriaId": "4B21C181-DC49-4EBD-9932-DBB337151FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r10.0:*:*:*:*:*:*",
              "matchCriteriaId": "5AA4B39F-2FB9-4752-B1F1-18812B0990B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r10.2:*:*:*:*:*:*",
              "matchCriteriaId": "232BAB6C-D318-4F80-8F49-4E700C21F535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.0:*:*:*:*:*:*",
              "matchCriteriaId": "ABD840BF-944E-4F4C-96DC-0256286338F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.1:*:*:*:*:*:*",
              "matchCriteriaId": "A1995F34-AE75-47C4-9A9D-DBB1D3E130E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.3:*:*:*:*:*:*",
              "matchCriteriaId": "366EF5B8-0233-49B8-806A-E54F60410ADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*",
              "matchCriteriaId": "4FEFC4B1-7350-46F9-80C1-42F5AE06142F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*",
              "matchCriteriaId": "DB7A6D62-6576-4713-9BF4-11068A72E8B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*",
              "matchCriteriaId": "843BC1B9-50CC-4F8F-A454-A0CEC6E92290",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*",
              "matchCriteriaId": "D5355372-03EA-46D7-9104-A2785C29B664",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*",
              "matchCriteriaId": "3DE32A0C-8944-4F51-A286-266055CA4B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*",
              "matchCriteriaId": "0349A0CC-A372-4E51-899E-D7BA67876F4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*",
              "matchCriteriaId": "93D1A098-BD77-4A7B-9070-A764FB435981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*",
              "matchCriteriaId": "3CCC2D7B-F835-45EC-A316-2F0C5F2CF565",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*",
              "matchCriteriaId": "AD812596-C77C-4129-982F-C22A25B52126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:*",
              "matchCriteriaId": "9FA0B20D-3FA1-42AE-BDC5-93D8A182927C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8.1:*:*:*:*:*:*",
              "matchCriteriaId": "BFFA0B02-7F6D-4434-B1E7-EB8520FD68A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8.2:*:*:*:*:*:*",
              "matchCriteriaId": "DFE8FA87-9622-4D5B-99C7-D8EE230C0AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8.4:*:*:*:*:*:*",
              "matchCriteriaId": "07AB853D-5A3F-4142-8417-1C9FB729A89E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r9:*:*:*:*:*:*",
              "matchCriteriaId": "16DAA769-8F0D-4C54-A8D9-9902995605B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r9.1:*:*:*:*:*:*",
              "matchCriteriaId": "B2C10C89-1DBC-4E91-BD28-D5097B589CA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r9.2:*:*:*:*:*:*",
              "matchCriteriaId": "F54753D0-6275-4F82-B874-55438D2983B3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild."
    },
    {
      "lang": "es",
      "value": "Pulse Connect Secure versiones 9.0R3/9.1R1 y posteriores, es susceptible a una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n expuesta por las funciones de Windows File Share Browser y Pulse Secure Collaboration de Pulse Connect Secure, que pueden permitir a un usuario no autenticado llevar a cabo una ejecuci\u00f3n de c\u00f3digo remoto arbitrario en Pulse Connect Secure gateway.\u0026#xa0;Esta vulnerabilidad ha sido explotado en el wild"
    }
  ],
  "id": "CVE-2021-22893",
  "lastModified": "2025-10-30T20:40:52.027",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2021-04-23T17:15:08.127",
  "references": [
    {
      "source": "support@hackerone.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://blog.pulsesecure.net/pulse-connect-secure-security-update/"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://kb.cert.org/vuls/id/213092"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://blog.pulsesecure.net/pulse-connect-secure-security-update/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://kb.cert.org/vuls/id/213092"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/213092"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22893"
    }
  ],
  "sourceIdentifier": "support@hackerone.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "support@hackerone.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-22893 (GCVE-0-2021-22893)

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Contournement provisoire

Solution

Contournement provisoire

Solution

Solution

Solution

Tags

Sightings

Nomenclature