CVE-2021-22908
Description
A buffer overflow vulnerability in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user. As of version 9.1R3, this permission is not enabled by default.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
31.772
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Remote code execution in Pulse Connect Secure (CVE-2021-22908) | Windows |
| Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.0.r1 | Windows |
| Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.0.r2 | Windows |
| Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.0.r2.1 | Windows |
| Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.0.r3 | Windows |
| Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.0.r3.1 | Windows |
| Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.0.r3.2 | Windows |
| Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.0 | Windows |
| Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.0.r3.3 | Windows |
| Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1 | Windows |
| Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r1 | Windows |
| Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.0.r3.5 | Windows |
| Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.0.r4 | Windows |
| Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.0.r4.1 | Windows |
| Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.0.r5.0 | Windows |
| Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.0.r6.0 | Windows |
| Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r10.0 | Windows |
| Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r10.2 | Windows |
| Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r11.0 | Windows |
| Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r11.1 | Windows |
| Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r11.3 | Windows |
| Vulnerabilities CVE-2021-22894,CVE-2021-22899,CVE-2021-22900,CVE-2021-22908 are affected in Ivanti Connect Secure 9.0.r1.0 | Windows |
| Vulnerabilities CVE-2021-22894,CVE-2021-22899,CVE-2021-22900,CVE-2021-22908 are affected in Ivanti Connect Secure 9.0.r2.0 | Windows |
| Vulnerabilities CVE-2021-22894,CVE-2021-22899,CVE-2021-22900,CVE-2021-22908 are affected in Ivanti Connect Secure 9.0.r3.0 | Windows |
| Vulnerabilities CVE-2021-22894,CVE-2021-22899,CVE-2021-22900,CVE-2021-22908 are affected in Ivanti Connect Secure 9.0.r4.0 | Windows |
| Multiple Vulnerabilities are affected in Ivanti Connect Secure 9.1.r11.4 | Windows |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-336891 | Ivanti Secure Access Client (22.7.28369) (Formerly Pulse Secure) (Manual Upload Required) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234