cbcvebase.
CVE-2021-22894
published 2021-05-27

CVE-2021-22894: A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root…

PriorityP185high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-05-03
Exploited in the wild
EPSS
41.28%
98.5th percentile
A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room.

Affected

3 ranges
VendorProductVersion rangeFixed in
ivanticonnect_secure
ivanticonnect_secure
ivantipulse_connect_secure

Detection & IOCsextracted from sources · hover to see the quote

  • Vulnerability is exploited via a maliciously crafted meeting room request by a remote authenticated user, targeting the Pulse Connect Secure Collaboration Suite component
  • Successful exploitation results in code execution as root; monitor for unexpected root-level process spawning from Pulse Connect Secure service processes
  • ·Vulnerability affects Pulse Connect Secure versions before 9.1R11.4; ensure patching to 9.1R11.4 or later per vendor guidance
  • ·This CVE is listed in the CISA Known Exploited Vulnerabilities catalog and was subject to Emergency Directive ED 21-03, indicating active in-the-wild exploitation

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
vulncheck8.8HIGH
cisa8.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.