- Description
- A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction.
- Source
- support@hackerone.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 6.4
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:P
Data from CISA
- Vulnerability name
- Ivanti Pulse Connect Secure Code Execution Vulnerability
- Exploit added on
- Nov 3, 2021
- Exploit action due
- Apr 23, 2021
- Required action
- Apply updates per vendor instructions.
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "87FBC6AD-0A70-4626-A152-E49BECF9F7AF",
"versionEndIncluding": "9.0"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4F450898-0B06-4073-9B76-BF22F68BD14F"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r1.0:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "130C8955-BDA4-4518-8EBA-740EB08FC3E4"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r2.0:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4E2D041D-9BDD-416D-B658-1C517C854104"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r3.0:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7155EB34-E8E0-49AF-BDA2-FB4BFA44662E"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.0:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "25EE614A-5F32-4CA9-998A-4FAF16DC100C"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D5355372-03EA-46D7-9104-A2785C29B664"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3DE32A0C-8944-4F51-A286-266055CA4B2F"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0349A0CC-A372-4E51-899E-D7BA67876F4B"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r5.0:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F49EE829-A2CD-491E-BFC3-7888491D7C58"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r6.0:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2254DDF1-7FF3-49E1-8826-91F49A6794F8"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r7.0:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B8EA4DA8-CD09-41AC-ADCB-27CF771C016B"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8.0:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4D6CECCB-18BA-4219-95A2-2525A2BDCE36"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8.1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BFFA0B02-7F6D-4434-B1E7-EB8520FD68A0"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8.2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DFE8FA87-9622-4D5B-99C7-D8EE230C0AA9"
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8.4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "07AB853D-5A3F-4142-8417-1C9FB729A89E"
}
],
"operator": "OR"
}
]
}
]