Security News > 2021 > August > Critical Code Execution Vulnerability Patched in Pulse Connect Secure
IT management and security company Ivanti this week released patches for multiple vulnerabilities in its Pulse Connect Secure VPN appliances, including a critical issue that could be exploited to execute arbitrary code with root privileges.
Tracked as CVE-2021-22937, the issue is in fact a bypass of the patch released in October last year for CVE-2020-8260, a high-severity remote code execution flaw in the admin web interface of Pulse Connect Secure.
Pulse Connect Secure administrators can import archived configurations that are compressed using GZIP and encrypted with a hardcoded key.
The patch for CVE-2020-8260 added validation to extracted files, but not for the "Profiler" type, meaning that the patch could be easily bypassed for code execution by simply modifying the original exploit to use the "Profiler" archive type.
In May 2021, Ivanti patched CVE-2020-22900, a bug that could allow for code execution by modifying the original exploit to specific CGI files.
Pulse Connect Secure 9.1R12 also addresses CVE-2021-22935, a critical-severity vulnerability that could be exploited for command injection "Via an unsanitized web parameter."
News URL
Related news
- Apache fixes critical OFBiz remote code execution vulnerability (source)
- CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks (source)
- Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data (source)
- SonicWall Issues Critical Patch for Firewall Vulnerability Allowing Unauthorized Access (source)
- Critical WPML Plugin Flaw Exposes WordPress Sites to Remote Code Execution (source)
- Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633) (source)
- Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195) (source)
- GitLab warns of critical pipeline execution vulnerability (source)
- SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks (source)
- Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-16 | CVE-2021-22937 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface. | 7.2 |
2021-08-16 | CVE-2021-22935 | Command Injection vulnerability in multiple products A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter. | 7.2 |
2020-10-28 | CVE-2020-8260 | Unrestricted Upload of File with Dangerous Type vulnerability in Pulsesecure Pulse Secure Desktop Client 9.1 A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction. | 6.5 |