Vulnerability Details : CVE-2022-21826
Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request's Content-Length header and leaves the POST body on the TCP/TLS socket. This body ends up prefixing the next HTTP request sent down that connection, this means when someone loads website attacker may be able to make browser issue a POST to the application, enabling XSS.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2022-21826
- cpe:2.3:a:pulsesecure:pulse_connect_secure:*:*:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r15:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r11.3:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r11.4:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r12:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r12.1:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r13:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r8.1:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r8.2:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r9:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r9.1:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:-:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r10.0:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r10.2:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r11.0:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r11.1:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r8.4:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r9.2:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r1.0:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r2.0:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r3.0:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r4.0:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r5.0:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r6.0:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r7.0:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r8.0:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r9.0:*:*:*:*:*:*
- cpe:2.3:a:ivanti:connect_secure:9.1:r12.2:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-21826
37.74%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 97 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-21826
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.4
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
2.3
|
2.7
|
NIST |
CWE ids for CVE-2022-21826
-
The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.Assigned by:
- nvd@nist.gov (Primary)
- support@hackerone.com (Secondary)
References for CVE-2022-21826
-
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/Client-Side-Desync-Attack/
Pulse Security Advisory: SA45476 - Client Side Desync Attack (Informational)Vendor Advisory
Jump to