CVE-2021-22894

Опубликовано: 27 мая 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Средний

Описание

A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room.

Ссылки

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/?kA23Z000000boUWSAY
Broken Link
Vendor Advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/?kA23Z000000boUWSAY
Broken Link
Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22894
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ivanti:connect_secure:9.0:-:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.0:r1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.0:r1.0:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.0:r2:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.0:r2.0:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.0:r2.1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.0:r3:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.0:r3.0:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.0:r3.1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.0:r3.2:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.0:r3.3:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.0:r3.5:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.0:r4:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.0:r4.0:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.0:r4.1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.0:r5.0:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.0:r6.0:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:-:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r10.0:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r10.2:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r11.0:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r11.1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r11.3:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r8.1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r8.2:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r8.4:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r9:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r9.1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:9.1:r9.2:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.5062

Средний

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-94

CWE-119

Связанные уязвимости

GHSA-2f6h-jr2m-2vpj

CVSS3: 8.8

github

больше 3 лет назад

A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room.

BDU:2021-06041

CVSS3: 8.8

fstec

почти 5 лет назад

Уязвимость VPN-шлюза корпоративных сетей Pulse Connect Secure, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 98%

0.5062

Средний

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-94

CWE-119