CVE-2021-22900
published 2021-05-27


Priority: P2 (78) · Severity: high · CVSS 3.1 base score: 7.2
CVSS 3.1 vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA KEV: listed (Known Exploited Vulnerability); remediation due 2022-05-03
Exploited in the wild: yes
EPSS: 14.15% (96.1st percentile)
A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could allow an authenticated administrator to perform an arbitrary file write via a maliciously crafted archive upload in the administrator web interface.

Affected (4 ranges)

Vendor        Product                Version range   Fixed in
ivanti        connect_secure         -               -
ivanti        connect_secure         -               -
ivanti        pulse_connect_secure   -               -
pulsesecure   pulse_connect_secure   <= 9.1          -

Version ranges and fixed-in values are shown as "-" where the source record left them empty; the description above names 9.1R11.4 as the fix release.

Detection & IOCs (extracted from sources)

  • The vulnerability is triggered via a maliciously crafted archive upload through the administrator web interface of Pulse Connect Secure; monitor for unusual archive file uploads (e.g., ZIP/TAR) submitted to the admin interface.
  • The attack results in an arbitrary file write on the system; monitor for unexpected new or modified files on Pulse Connect Secure appliances following admin-interface archive uploads.
  • Exploitation requires an authenticated administrator session; this is not an unauthenticated attack vector. Detection should focus on admin-authenticated sessions performing archive uploads.
  • Affected versions are Pulse Connect Secure before 9.1R11.4; confirm the patched version on each appliance before deprioritizing detections.
  • CISA issued Emergency Directive ED 21-03 specifically for Pulse Connect Secure vulnerabilities including this CVE; refer to that directive for additional organizational requirements.
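The three detection points above (admin-session archive uploads, a file write shortly afterwards, and a version check against 9.1R11.4) can be combined into one small triage script. The block below is an added example written for this page; it is not code from the CVE record, from CISA, or from Ivanti/Pulse. It assumes a hypothetical JSON-lines access-log feed from a reverse proxy in front of the appliance and a hypothetical file-integrity feed (all field names, request paths such as /dana-admin/import.cgi, users and file paths are invented; only the /dana-admin/ prefix of the PCS admin UI is assumed), and the sample records are constructed.

```python
"""Added detection sketch for CVE-2021-22900-style abuse: archive uploads to the
Pulse Connect Secure admin interface followed by unexpected file writes.

Everything here is constructed for illustration and is not Ivanti/Pulse code:
  - the access-log records are a hypothetical JSON-lines feed from a reverse
    proxy in front of the appliance (field names invented here);
  - request paths such as /dana-admin/import.cgi are hypothetical; only the
    /dana-admin/ prefix of the PCS admin UI is assumed;
  - the file-integrity records are a hypothetical FIM feed.
"""
import json
import re
from datetime import datetime, timedelta

FIXED_VERSION = "9.1R11.4"          # fix release named in the CVE description
ADMIN_PREFIX = "/dana-admin/"       # assumed admin web interface path prefix
ARCHIVE_RE = re.compile(r"\.(zip|tar|tgz|tar\.gz|tar\.bz2)$", re.IGNORECASE)
VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?")


def parse_pcs_version(version):
    """Turn '9.1R11.4' into (9, 1, 11, 4); a missing fourth part counts as 0.
    Anything after the numeric parts (build suffixes) is ignored."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PCS version string: {version!r}")
    return tuple(int(part or 0) for part in m.groups())


def is_vulnerable(version):
    """True when the reported release sorts before the fixed 9.1R11.4."""
    return parse_pcs_version(version) < parse_pcs_version(FIXED_VERSION)


def parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def upload_alerts(access_log_lines):
    """Flag POSTs from an admin-authenticated session that carry an archive
    to the admin interface. Non-admin sessions and non-archive uploads are
    ignored, matching the authenticated-admin precondition of the CVE."""
    alerts = []
    for line in access_log_lines:
        e = json.loads(line)
        if e.get("method") != "POST" or not e.get("path", "").startswith(ADMIN_PREFIX):
            continue
        if e.get("role") != "admin":
            continue
        filename = e.get("filename") or ""
        if ARCHIVE_RE.search(filename):
            alerts.append({"ts": e["ts"], "src": e["src"], "user": e["user"],
                           "path": e["path"], "filename": filename})
    return alerts


def correlate(alerts, fim_log_lines, window_minutes=10):
    """Escalate an upload alert when a file create/modify event lands on the
    appliance within `window_minutes` after the upload."""
    fim = [json.loads(line) for line in fim_log_lines]
    escalated = []
    for alert in alerts:
        t0 = parse_ts(alert["ts"])
        hits = [f["path"] for f in fim
                if t0 <= parse_ts(f["ts"]) <= t0 + timedelta(minutes=window_minutes)]
        if hits:
            escalated.append({**alert, "file_events": hits})
    return escalated


# Constructed sample data (documentation IP ranges, invented users and paths).
SAMPLE_ACCESS_LOG = [
    '{"ts":"2021-05-20T10:00:00Z","src":"203.0.113.7","user":"admin1","role":"admin","method":"GET","path":"/dana-admin/misc/dashboard.cgi","filename":null}',
    '{"ts":"2021-05-20T10:02:10Z","src":"203.0.113.7","user":"admin1","role":"admin","method":"POST","path":"/dana-admin/import.cgi","filename":"config.zip"}',
    '{"ts":"2021-05-20T10:05:00Z","src":"198.51.100.9","user":"alice","role":"user","method":"POST","path":"/dana-na/auth/login.cgi","filename":null}',
    '{"ts":"2021-05-20T10:07:30Z","src":"203.0.113.7","user":"admin1","role":"admin","method":"POST","path":"/dana-admin/cert/upload.cgi","filename":"server.pem"}',
    '{"ts":"2021-05-21T08:00:00Z","src":"203.0.113.7","user":"admin1","role":"admin","method":"POST","path":"/dana-admin/import.cgi","filename":"backup.tar.gz"}',
]
SAMPLE_FIM_LOG = [
    '{"ts":"2021-05-20T10:03:45Z","path":"/data/www/dana-na/auth/helper.cgi","event":"created"}',
    '{"ts":"2021-05-21T12:00:00Z","path":"/var/log/messages","event":"modified"}',
]

if __name__ == "__main__":
    for v in ("9.0R3.2", "9.1R11.3", "9.1R11.4", "9.1R12"):
        print(f"{v}: {'UNPATCHED' if is_vulnerable(v) else 'patched'}")
    found = upload_alerts(SAMPLE_ACCESS_LOG)
    for a in found:
        print("archive upload to admin UI:", a)
    for a in correlate(found, SAMPLE_FIM_LOG):
        print("ESCALATE (file write followed upload):", a)
```

On the constructed sample the script reports the two archive uploads from the admin session, ignores the GET, the non-admin login and the certificate upload, and escalates only the first upload because a file was created on the appliance within the ten-minute window; the second upload has no nearby file event. The version check is deliberately a plain tuple comparison so that every release sorting before 9.1R11.4 (including 9.0 and 8.3 trains) is treated as unpatched, which is the conservative reading of "before 9.1R11.4".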

CVSS provenance

Source      Version   Score   Severity   Vector
nvd         v3.1      7.2     HIGH       CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd         v2.0      6.5     MEDIUM     AV:N/AC:L/Au:S/C:P/I:P/A:P
vulncheck   -         7.2     HIGH       -
cisa        -         7.2     HIGH       -