Overview
- Description
- A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution.
- Source
- support@hackerone.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 6.4
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:P
Known exploits
Data from CISA
- Vulnerability name
- Ivanti Pulse Connect Secure Code Execution Vulnerability
- Exploit added on
- Nov 3, 2021
- Exploit action due
- Apr 23, 2021
- Required action
- Apply updates per vendor instructions.
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4F450898-0B06-4073-9B76-BF22F68BD14F"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4B21C181-DC49-4EBD-9932-DBB337151FF7"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4FEFC4B1-7350-46F9-80C1-42F5AE06142F"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB7A6D62-6576-4713-9BF4-11068A72E8B7"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "843BC1B9-50CC-4F8F-A454-A0CEC6E92290"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D5355372-03EA-46D7-9104-A2785C29B664"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3DE32A0C-8944-4F51-A286-266055CA4B2F"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0349A0CC-A372-4E51-899E-D7BA67876F4B"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "93D1A098-BD77-4A7B-9070-A764FB435981"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3CCC2D7B-F835-45EC-A316-2F0C5F2CF565"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AD812596-C77C-4129-982F-C22A25B52126"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9FA0B20D-3FA1-42AE-BDC5-93D8A182927C"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8.1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BFFA0B02-7F6D-4434-B1E7-EB8520FD68A0"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6418A649-3A63-40CC-BD7C-309B3B0B2595"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A07B66E0-A679-4912-8CB1-CD134713EDC7"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6D37A6E4-D58E-444D-AF6A-15461F38E81A"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FC2B9DA0-E32B-4125-9986-F0D3814C66E9"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C9A5BA3E-D6B3-453D-8DDF-FF16859FD0F8"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BAFDA618-D15D-401D-AC68-0020259FEC57"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D55AB5F0-132F-4C40-BF4F-684E139B774B"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "26AEB02E-D2D0-4D7A-BB00-9E5112696B17"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6BE937D2-8BEE-4E64-8738-F550EAD00F50"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9C753520-1BC6-4980-AFC9-4C2FDDF2FD18"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r7:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AC3863BC-3B9A-402B-A74A-149CDF717EC6"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r8:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E3C09D51-FDA0-4D07-87D8-F527C8CBDAFB"
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r8.1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CCE2E1C0-680F-4EFF-ACE6-A1DAFA209D24"
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_connect_secure:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "18272F7E-A9BA-4175-B6F6-F7E550D736CE",
"versionEndIncluding": "9.0"
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B031D2AE-70BE-48BB-A9E9-0A0DAAAFF55F",
"versionEndIncluding": "9.0"
}
],
"operator": "OR"
}
]
}
]