Security News > 2021 > August > Critical Code Execution Vulnerability Patched in Pulse Connect Secure
IT management and security company Ivanti this week released patches for multiple vulnerabilities in its Pulse Connect Secure VPN appliances, including a critical issue that could be exploited to execute arbitrary code with root privileges.
Tracked as CVE-2021-22937, the issue is in fact a bypass of the patch released in October last year for CVE-2020-8260, a high-severity remote code execution flaw in the admin web interface of Pulse Connect Secure.
Pulse Connect Secure administrators can import archived configurations that are compressed using GZIP and encrypted with a hardcoded key.
The patch for CVE-2020-8260 added validation to extracted files, but not for the "Profiler" type, meaning that the patch could be easily bypassed for code execution by simply modifying the original exploit to use the "Profiler" archive type.
In May 2021, Ivanti patched CVE-2020-22900, a bug that could allow for code execution by modifying the original exploit to specific CGI files.
Pulse Connect Secure 9.1R12 also addresses CVE-2021-22935, a critical-severity vulnerability that could be exploited for command injection "Via an unsanitized web parameter."
News URL
Related news
- Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution (source)
- Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw (source)
- Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score (source)
- Critical flaws in Mongoose library expose MongoDB to data thieves, code execution (source)
- Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches (source)
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-16 | CVE-2021-22937 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface. | 7.2 |
| 2021-08-16 | CVE-2021-22935 | Command Injection vulnerability in multiple products A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter. | 7.2 |
| 2020-10-28 | CVE-2020-8260 | Unrestricted Upload of File with Dangerous Type vulnerability in Ivanti Connect Secure A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction. | 7.2 |