CVE-2021-22893
CRITICAL severity · CVSS 10 · Improper authentication · actively exploited (CISA KEV)
10CVSS CRITICAL ● exploited ⚠ ransomware
🔴 Actively exploited in the wild (CISA Known Exploited Vulnerabilities).
⚠ Known use in ransomware campaigns. Added to KEV 2021-11-03. US federal agencies must patch by 2022-05-03.
Summary
Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges requiredNone
User interactionNone
Confidentiality impactHigh
Integrity impactHigh
Availability impactHigh
Exploit probability (EPSS)94%
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products we track (1)
Recommendation
This vulnerability is being actively exploited in the wild — patch affected products urgently. Open any affected product above for its exact safe version.
Additional information
- NVD record
- https://blog.pulsesecure.net/pulse-connect-secure-security-update/Advisory
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/Advisory
- https://blog.pulsesecure.net/pulse-connect-secure-security-update/Advisory
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/Advisory
- https://kb.cert.org/vuls/id/213092Advisory
- https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.htmlAdvisory
- https://kb.cert.org/vuls/id/213092Advisory
- https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.htmlAdvisory