Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2021-22893
HistoryApr 23, 2021 - 5:15 p.m.

CVE-2021-22893

2021-04-2317:15:00
CWE-416
[email protected]
web.nvd.nist.gov
1041
In Wild
79
cve-2021-22893
pulse connect secure
vulnerability
authentication bypass
remote code execution
nvd
exploit

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.963 High

EPSS

Percentile

99.5%

JSON

Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.

Social References

More

Related

thn 6
githubexploit 6
checkpoint_advisories 1
fireeye 2
cisa_kev 1
cisa 1
threatpost 11
talosblog 1
attackerkb 1
prion 1
cert 1
rapid7blog 1
malwarebytes 1
nessus 1
securelist 1
ics 4
mmpc 1
mssecure 1
qualysblog 4
thn
thn
Chinese Cyber Espionage Hackers Continue to Target Pulse Secure VPN Devices
2021-05-28 07:29:00
Critical Patch Out for Critical Pulse Secure VPN 0-Day Under Attack
2021-05-04 07:52:00
WARNING: Hackers Exploit Unpatched Pulse Secure 0-Day to Breach Organizations
2021-04-21 04:20:00
githubexploit
githubexploit
Exploit for Use After Free in Ivanti Connect Secure
2021-10-03 21:46:58
Exploit for Use After Free in Ivanti Connect Secure
2021-04-21 09:48:57
Exploit for Improper Authentication in Pulsesecure Pulse Connect Secure
2021-04-21 10:09:56
checkpoint_advisories
checkpoint_advisories
Pulse Connect Secure Authentication Bypass (CVE-2021-22893)
2022-04-03 00:00:00
fireeye
fireeye
Re-Checking Your Pulse: Updates on Chinese APT Actors Compromising Pulse Secure VPN Devices
2021-05-27 00:00:00
Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day
2021-04-20 00:00:00
cisa_kev
cisa_kev
Ivanti Pulse Connect Secure Use-After-Free Vulnerability
2021-11-03 00:00:00
cisa
cisa
Ivanti Releases Pulse Secure Security Update
2021-05-03 00:00:00
threatpost
threatpost
BazarLoader Malware Abuses Slack, BaseCamp Clouds
2021-04-16 20:27:25
What COVID-19 Taught Us: Prepping Cybersecurity for the Next Crisis
2021-04-19 15:27:38
New Attacks Slaughter All Spectre Defenses
2021-05-03 20:56:03
talosblog
talosblog
Threat Advisory: Pulse Secure Connect Coverage
2021-04-22 10:29:36
attackerkb
attackerkb
CVE-2021-22893
2021-04-23 00:00:00
prion
prion
Authentication flaw
2021-04-23 17:15:00
cert
cert
Pulse Connect Secure contains a use-after-free vulnerability
2021-04-20 00:00:00
rapid7blog
rapid7blog
Active Exploitation of Pulse Connect Secure Zero-Day (CVE-2021-22893)
2021-04-21 20:10:08
malwarebytes
malwarebytes
Take action! Multiple Pulse Secure VPN vulnerabilities exploited in the wild
2021-04-21 18:12:15
nessus
nessus
Pulse Connect Secure < 9.1R11.4 (SA44784)
2021-04-20 00:00:00
securelist
securelist
APT trends report Q2 2021
2021-07-29 10:00:46
ics
ics
Exploitation of Pulse Connect Secure Vulnerabilities
2021-08-24 12:00:00
Peopleโ€™s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices
2022-06-10 12:00:00
Top Routinely Exploited Vulnerabilities
2021-08-20 12:00:00
mmpc
mmpc
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
2022-05-09 13:00:00
mssecure
mssecure
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
2022-05-09 13:00:00
qualysblog
qualysblog
CISA Alert: Top Routinely Exploited Vulnerabilities
2021-07-29 00:20:27
Microsoft & Adobe Patch Tuesday (May 2021) โ€“ Qualys covers 85 Vulnerabilities, 26 Critical
2021-05-11 21:53:37
Qualys Response to CISA Alert: Binding Operational Directive 22-01
2021-11-09 06:15:01

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.963 High

EPSS

Percentile

99.5%

JSON
Related for CVE-2021-22893
thn6githubexploit6checkpoint_advisories1fireeye2cisa_kev1cisa1threatpost11talosblog1attackerkb1prion1cert1rapid7blog1malwarebytes1nessus1securelist1ics4mmpc1mssecure1qualysblog4