CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-22894

A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.497

EPSS Ranking 97.6%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 9.0

Proposed Action

Ivanti Pulse Connect Secure Collaboration Suite contains a buffer overflow vulnerabilities that allows a remote authenticated users to execute code as the root user via maliciously crafted meeting room.

Ransomware Campaign

Unknown

References

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/?kA23Z000000boUWSAY
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/?kA23Z000000boUWSAY

Products affected by CVE-2021-22894

Ivanti » Connect Secure » Version: 9.0

cpe:2.3:a:ivanti:connect_secure:9.0
Ivanti » Connect Secure » Version: 9.1

cpe:2.3:a:ivanti:connect_secure:9.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-22894

Products

Pricing

Contact Us