Vulnerability Details : CVE-2021-22894
A buffer overflow vulnerability in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via a maliciously crafted meeting room.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2021-22894
- cpe:2.3:a:pulsesecure:pulse_connect_secure:*:*:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r11.3:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r8.1:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r8.2:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r9:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r9.1:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.0:r1:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.0:r2:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.0:r2.1:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.0:r3:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.0:r3.1:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.0:r3.2:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.0:r3.3:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.0:-:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.0:r3.5:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.0:r4:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.0:r4.1:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.0:r5.0:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.0:r6.0:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:-:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r10.0:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r10.2:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r11.0:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r11.1:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r8.4:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r9.2:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.0:r1.0:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.0:r2.0:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.0:r3.0:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.0:r4.0:*:*:*:*:*:*
CVE-2021-22894 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Ivanti Pulse Connect Secure Collaboration Suite Buffer Overflow Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Ivanti Pulse Connect Secure Collaboration Suite contains a buffer overflow vulnerability that allows a remote authenticated user to execute code as the root user via a maliciously crafted meeting room.
Notes:
Reference CISA's ED 21-03 (https://www.cisa.gov/news-events/directives/ed-21-03-mitigate-pulse-connect-secure-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-03. https://nvd.nist.gov/v
Added on
2021-11-03
Action due date
2021-04-23
Exploit prediction scoring system (EPSS) score for CVE-2021-22894
- EPSS score: 0.65% (probability of exploitation activity in the next 30 days)
- Percentile: ~79% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2021-22894
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.0 | HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C | 8.0 | 10.0 | NIST | |
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2021-22894
- The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. Assigned by: support@hackerone.com (Secondary)
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
- The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-22894
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/?kA23Z000000boUWSAY
  Pulse Security Advisory: SA44784 - 2021-04: Out-of-Cycle Advisory: Multiple Vulnerabilities Resolved in Pulse Connect Secure 9.1R11.4 (Vendor Advisory)