New High-Severity Vulnerability Reported in Pulse Connect Secure VPN
2021-05-25 00:37

Ivanti, the company behind Pulse Secure VPN appliances, has published a security advisory for a high-severity vulnerability that may allow an authenticated remote attacker to execute arbitrary code with elevated privileges.

The flaw, identified as CVE-2021-22908, has a CVSS score of 8.5 out of a maximum of 10 and impacts Pulse Connect Secure versions 9.0Rx and 9.1Rx. In a report detailing the vulnerability, the CERT Coordination Center said the issue stems from the gateway's ability to connect to Windows file shares through a number of CGI endpoints that could be leveraged to carry out the attack.

Pulse Secure customers are advised to upgrade to PCS Server version 9.1R.11.

In the interim, Ivanti has published a workaround file that can be imported to disable the Windows File Share Browser feature. The file adds the vulnerable URL endpoints to a blocklist, which activates the mitigations needed to protect against this vulnerability.

While Ivanti has recommended turning off Windows File Browser on the Admin UI by disabling the option 'Files, Window [sic]' for specific user roles, CERT/CC found the steps were inadequate to protect against the flaw during its testing.

The disclosure of a new flaw arrives weeks after the Utah-based IT software company patched multiple critical security vulnerabilities in Pulse Connect Secure products, including CVE-2021-22893, CVE-2021-22894, CVE-2021-22899, and CVE-2021-22900, the first of which was found to be actively exploited in the wild by at least two different threat actors.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/49QIpwJmZ30/new-high-severity-vulnerability.html

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2021-05-27 | CVE-2021-22908 | Classic Buffer Overflow vulnerability in multiple products | A buffer overflow vulnerability exists in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user. | network | low | pulsesecure, ivanti | CWE-120 | 8.8 |
| 2021-05-27 | CVE-2021-22900 | Incorrect Resource Transfer Between Spheres vulnerability in multiple products | A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface. | network | low | pulsesecure, ivanti | CWE-669 | 7.2 |
| 2021-05-27 | CVE-2021-22899 | Command Injection vulnerability in multiple products | A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature | network | low | pulsesecure, ivanti | CWE-77 | 8.8 |
| 2021-05-27 | CVE-2021-22894 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room. | network | low | pulsesecure, ivanti | CWE-119 | 8.8 |
| 2021-04-23 | CVE-2021-22893 | Use After Free vulnerability in Ivanti Connect Secure 9.0/9.1 | Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. | network | low | ivanti | CWE-416 | critical, 10.0 |