#VU53277 Buffer overflow in Ivanti Connect Secure (formerly Pulse Connect Secure) - CVE-2021-22908
Published: May 14, 2021 / Updated: August 5, 2021
Vulnerability identifier: #VU53277
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Green
CVE-ID: CVE-2021-22908
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Ivanti Connect Secure (formerly Pulse Connect Secure)
Ivanti Connect Secure (formerly Pulse Connect Secure)
Software vendor:
Ivanti
Ivanti
Description
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote authenticated user with privileges to browse SMB shares can execute arbitrary code on the system as the root user.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install update from vendor's website.