CVE-2021-22908
published 2021-05-27CVE-2021-22908: A buffer overflow vulnerability exists in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to…
PriorityP268high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
69.38%
99.3th percentile
A buffer overflow vulnerability exists in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user. As of version 9.1R3, this permission is not enabled by default.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | connect_secure | — | — |
| ivanti | connect_secure | — | — |
| pulsesecure | pulse_connect_secure | — | — |
| pulsesecure | pulse_connect_secure | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability is exploitable only by remote authenticated users who have been granted privileges to browse SMB shares via Windows File Resource Profiles in Ivanti 9.X — monitor for exploitation attempts from authenticated sessions with this specific permission enabled ↗
- →Trigger condition is tied to the 'browse SMB shares' permission within Windows File Resource Profiles — audit and alert on any accounts granted this permission on affected 9.X versions ↗
- ·The 'browse SMB shares' permission is NOT enabled by default as of version 9.1R3 — exploitation requires this permission to have been explicitly granted; verify whether it is enabled in your deployment ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-37f5-2q74-7wvc: A buffer overflow vulnerability exists in Windows File Resource Profiles in 9
ghsa_unreviewed·2022-05-24
CVE-2021-22908 [HIGH] CWE-120 GHSA-37f5-2q74-7wvc: A buffer overflow vulnerability exists in Windows File Resource Profiles in 9
A buffer overflow vulnerability exists in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user. As of version 9.1R3, this permission is not enabled by default.
Ivanti
Ivanti Security Advisory: CVE-2021-22908
vendor_ivanti·2021-05-27·CVSS 8.8
CVE-2021-22908 [HIGH] CWE-120 Ivanti Security Advisory: CVE-2021-22908
Ivanti Security Advisory: CVE-2021-22908
A buffer overflow vulnerability exists in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user. As of version 9.1R3, this permission is not enabled by default.
CVE IDs: CVE-2021-22908
CVSS Base Score: 8.8
Severity: HIGH
CWEs: CWE-120
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-05-27
Published