CVE-2021-22908

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-22908
A buffer overflow vulnerability exists in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user. As of version 9.1R3, this permission is not enabled by default.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44800/ Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ivanti:connect_secure:9.0:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.0:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.0:r1.0:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.0:r2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.0:r2.0:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.0:r2.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.0:r3:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.0:r3.0:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.0:r3.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.0:r3.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.0:r3.3:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.0:r3.5:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.0:r4:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.0:r4.0:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.0:r4.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.0:r5.0:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.0:r6.0:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r10.0:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r10.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r11.0:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r11.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r11.3:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r11.4:*:*:*:*:*:*
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0rx:*:*:*:*:*:*:*
History

No history.

Information

Published : 2021-05-27 12:15

Updated : 2024-02-27 21:04

NVD link : CVE-2021-22908

Mitre link : CVE-2021-22908

CVE.ORG link : CVE-2021-22908

JSON object : View

Products Affected

ivanti

  • connect_secure

pulsesecure

  • pulse_connect_secure
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')