Security News > 2021 > August > Critical Code Execution Vulnerability Patched in Pulse Connect Secure
IT management and security company Ivanti this week released patches for multiple vulnerabilities in its Pulse Connect Secure VPN appliances, including a critical issue that could be exploited to execute arbitrary code with root privileges.
Tracked as CVE-2021-22937, the issue is in fact a bypass of the patch released in October last year for CVE-2020-8260, a high-severity remote code execution flaw in the admin web interface of Pulse Connect Secure.
Pulse Connect Secure administrators can import archived configurations that are compressed using GZIP and encrypted with a hardcoded key.
The patch for CVE-2020-8260 added validation to extracted files, but not for the "Profiler" type, meaning that the patch could be easily bypassed for code execution by simply modifying the original exploit to use the "Profiler" archive type.
In May 2021, Ivanti patched CVE-2020-22900, a bug that could allow for code execution by modifying the original exploit to specific CGI files.
Pulse Connect Secure 9.1R12 also addresses CVE-2021-22935, a critical-severity vulnerability that could be exploited for command injection "Via an unsanitized web parameter."
News URL
Related news
- Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) (source)
- Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications (source)
- Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems (source)
- New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution (source)
- Critical Veeam Vulnerability Exploited to Spread Akira and Fog Ransomware (source)
- Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access Risk (source)
- Fortinet releases patches for undisclosed critical FortiManager vulnerability (source)
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-16 | CVE-2021-22937 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface. | 7.2 |
| 2021-08-16 | CVE-2021-22935 | Command Injection vulnerability in multiple products A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter. | 7.2 |
| 2020-10-28 | CVE-2020-8260 | Unrestricted Upload of File with Dangerous Type vulnerability in Pulsesecure Pulse Secure Desktop Client 9.1 A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction. | 7.2 |