Ivanti Pulse Connect Secure Collaboration Suite Buffer Overflow Vulnerability (CVE-2021-22894)
Ivanti Pulse Connect Secure Collaboration Suite contains a buffer overflow vulnerabilities that allows a remote authenticated users to execute code as the root user via maliciously crafted meeting room.
A remote attacker, with a low-privilege account, can achieve full data confidentiality loss, arbitrary modification of data, complete denial of service or system unavailability. Federal agencies are required to remediate by 2022-05-03 under CISA BOD 22-01.
This is a Code Injection (CWE-94) vulnerability in Ivanti Pulse Connect Secure. A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room. Exploitation requires remote network access, low attack complexity, a low-privilege authenticated account, and no user interaction required.
Probably yes if any of these apply:
CISA added this CVE to the Known Exploited Vulnerabilities catalog on 2021-11-03 based on evidence of active exploitation in the wild. Federal agencies required to remediate by 2022-05-03.
Manual remediation steps
No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.