CVE-2021-22894


CVSS 8.8 HIGH | EPSS 41.3% | KEV | CWE-94

In short

A flaw in Pulse Connect Secure allows an authenticated user to send a specially crafted meeting room request that overflows a memory buffer, letting them run malicious code with administrative privileges on the server.

Technical detail

Buffer overflow vulnerability in Pulse Connect Secure versions prior to 9.1R11.4 exploitable by authenticated attackers via maliciously crafted meeting room input, resulting in arbitrary code execution with root privileges. The vulnerability stems from insufficient input validation on meeting room parameters, allowing memory corruption and control flow hijacking.

Summary generated and translated by AI from the official description.

A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 that allows a remote authenticated attacker to execute arbitrary code as the root user via a maliciously crafted meeting room.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
