mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-07-09 16:05:11 +00:00
374 lines
14 KiB
JSON
374 lines
14 KiB
JSON
{
|
|
"id": "CVE-2021-22893",
|
|
"sourceIdentifier": "support@hackerone.com",
|
|
"published": "2021-04-23T17:15:08.127",
|
|
"lastModified": "2025-03-21T19:26:19.180",
|
|
"vulnStatus": "Analyzed",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Pulse Connect Secure versiones 9.0R3/9.1R1 y posteriores, es susceptible a una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n expuesta por las funciones de Windows File Share Browser y Pulse Secure Collaboration de Pulse Connect Secure, que pueden permitir a un usuario no autenticado llevar a cabo una ejecuci\u00f3n de c\u00f3digo remoto arbitrario en Pulse Connect Secure gateway. Esta vulnerabilidad ha sido explotado en el wild"
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
|
|
"baseScore": 10.0,
|
|
"baseSeverity": "CRITICAL",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "CHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 6.0
|
|
},
|
|
{
|
|
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
|
|
"baseScore": 10.0,
|
|
"baseSeverity": "CRITICAL",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "CHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 6.0
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
|
"baseScore": 7.5,
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "PARTIAL"
|
|
},
|
|
"baseSeverity": "HIGH",
|
|
"exploitabilityScore": 10.0,
|
|
"impactScore": 6.4,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"cisaExploitAdd": "2021-11-03",
|
|
"cisaActionDue": "2021-04-23",
|
|
"cisaRequiredAction": "Apply updates per vendor instructions.",
|
|
"cisaVulnerabilityName": "Ivanti Pulse Connect Secure Use-After-Free Vulnerability",
|
|
"weaknesses": [
|
|
{
|
|
"source": "support@hackerone.com",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-287"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-416"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:-:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3818B543-3415-4E27-8DAD-6BA9D3D9A1A5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D47D09A8-4AC4-4CD9-B648-5F26453E2E1D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "59331DC5-FF5F-4BB3-905E-5A4A621F86ED"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r2.1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6A708C3F-9050-4475-95B3-4785D3E2CB69"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r3:*:*:*:*:*:*",
|
|
"matchCriteriaId": "52851AAA-88FB-40BC-B41A-B821F6BA9F79"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r3.1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F05DC11E-7C41-450B-A2BF-603E9252BB40"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r3.2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5DA976D9-A330-475E-B8C0-09EF3E08F18D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r3.3:*:*:*:*:*:*",
|
|
"matchCriteriaId": "59F4A6F7-A6D4-4517-A316-7C7C002A9ED3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r3.5:*:*:*:*:*:*",
|
|
"matchCriteriaId": "702094B0-2E5C-4A16-A8B0-F0EAF78E4ECB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r4:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A369AE09-17E4-4541-A8E1-A2F4A1398EE7"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r4.1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "24EF2F1A-8140-4FDB-8AF4-309AFAF998E1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r5.0:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4755BC2C-A96E-47AF-9D7C-E8D44B31F10B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:r6.0:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BF6E8A0C-192B-4F51-86AA-FC2B85657632"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:-:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4F450898-0B06-4073-9B76-BF22F68BD14F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4B21C181-DC49-4EBD-9932-DBB337151FF7"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r10.0:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5AA4B39F-2FB9-4752-B1F1-18812B0990B4"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r10.2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "232BAB6C-D318-4F80-8F49-4E700C21F535"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.0:*:*:*:*:*:*",
|
|
"matchCriteriaId": "ABD840BF-944E-4F4C-96DC-0256286338F6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A1995F34-AE75-47C4-9A9D-DBB1D3E130E5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.3:*:*:*:*:*:*",
|
|
"matchCriteriaId": "366EF5B8-0233-49B8-806A-E54F60410ADE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4FEFC4B1-7350-46F9-80C1-42F5AE06142F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DB7A6D62-6576-4713-9BF4-11068A72E8B7"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*",
|
|
"matchCriteriaId": "843BC1B9-50CC-4F8F-A454-A0CEC6E92290"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D5355372-03EA-46D7-9104-A2785C29B664"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3DE32A0C-8944-4F51-A286-266055CA4B2F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0349A0CC-A372-4E51-899E-D7BA67876F4B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*",
|
|
"matchCriteriaId": "93D1A098-BD77-4A7B-9070-A764FB435981"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3CCC2D7B-F835-45EC-A316-2F0C5F2CF565"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*",
|
|
"matchCriteriaId": "AD812596-C77C-4129-982F-C22A25B52126"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9FA0B20D-3FA1-42AE-BDC5-93D8A182927C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8.1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BFFA0B02-7F6D-4434-B1E7-EB8520FD68A0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8.2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DFE8FA87-9622-4D5B-99C7-D8EE230C0AA9"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8.4:*:*:*:*:*:*",
|
|
"matchCriteriaId": "07AB853D-5A3F-4142-8417-1C9FB729A89E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r9:*:*:*:*:*:*",
|
|
"matchCriteriaId": "16DAA769-8F0D-4C54-A8D9-9902995605B0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r9.1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B2C10C89-1DBC-4E91-BD28-D5097B589CA9"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r9.2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F54753D0-6275-4F82-B874-55438D2983B3"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://blog.pulsesecure.net/pulse-connect-secure-security-update/",
|
|
"source": "support@hackerone.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://kb.cert.org/vuls/id/213092",
|
|
"source": "support@hackerone.com",
|
|
"tags": [
|
|
"Third Party Advisory",
|
|
"US Government Resource"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/",
|
|
"source": "support@hackerone.com",
|
|
"tags": [
|
|
"Vendor Advisory",
|
|
"Broken Link"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html",
|
|
"source": "support@hackerone.com",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://blog.pulsesecure.net/pulse-connect-secure-security-update/",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://kb.cert.org/vuls/id/213092",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Third Party Advisory",
|
|
"US Government Resource"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Vendor Advisory",
|
|
"Broken Link"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://www.kb.cert.org/vuls/id/213092",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"US Government Resource"
|
|
]
|
|
}
|
|
]
|
|
} |