Home

CVE-2021-22899

Description

A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature

Risk Information

Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
16.583

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.0.r1Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.0.r2Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.0.r2.1Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.0.r3Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.0.r3.1Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.0.r3.2Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.0Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.0.r3.3Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r1Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r2Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r3Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r4Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r4.1Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r4.2Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r4.3Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r5Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r6Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r7Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r8Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r8.1Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r8.2Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r8.4Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.0.r3.5Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.0.r4Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.0.r4.1Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.0.r5.0Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.0.r6.0Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r10.0Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r10.2Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r11.0Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r11.1Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r11.3Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r9Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r9.1Windows
Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r9.2Windows
Vulnerabilities CVE-2021-22894,CVE-2021-22899,CVE-2021-22900,CVE-2021-22908 are affected in Ivanti Connect Secure 9.0.r1.0Windows
Vulnerabilities CVE-2021-22894,CVE-2021-22899,CVE-2021-22900,CVE-2021-22908 are affected in Ivanti Connect Secure 9.0.r2.0Windows
Vulnerabilities CVE-2021-22894,CVE-2021-22899,CVE-2021-22900,CVE-2021-22908 are affected in Ivanti Connect Secure 9.0.r3.0Windows
Vulnerabilities CVE-2021-22894,CVE-2021-22899,CVE-2021-22900,CVE-2021-22908 are affected in Ivanti Connect Secure 9.0.r4.0Windows
Vulnerabilities CVE-2021-22899 are affected in Ivanti Connect Secure 9.0.rxWindows

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234