10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.969 High
EPSS
Percentile
99.6%
RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Recent assessments:
awesom3alex at April 21, 2021 2:01pm UTC reported:
Pulse Secure Pulse Connect Secure 9.1.R.11.3 and earlier are affected by an authenticated bypass vulnerability, CVE-2021-22893, when exploited it is very likely the threat actor can achieve remote code execution. Exploitation has been observed by APT 5 (UNC2630) and UNC2717.
A Proof-of-Concept exploit is not publicly available.
Assessed Attacker Value: 5
Assessed Attacker Value: 5Assessed Attacker Value: 5
blog.pulsesecure.net/pulse-connect-secure-security-update/
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22893
kb.cert.org/vuls/id/213092
kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/
www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.969 High
EPSS
Percentile
99.6%