← back
CVE-2021-22899

CVE-2021-22899

CVSS 8.8 HIGHEPSS 22.3%● KEVCWE-77
In short

Pulse Connect Secure has a flaw in its Windows Resource Profiles feature that lets authenticated users run arbitrary commands on the server. This is dangerous because someone with login credentials can take over the system.

Technical detail

CWE-77 command injection vulnerability in the Windows Resource Profiles feature of Pulse Connect Secure versions prior to 9.1R11.4 allows an authenticated attacker to execute arbitrary system commands with the privileges of the application, leading to complete system compromise.

Summary generated and translated by AI from the official description.
A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · Pulse Connect Secure

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/?kA23Z000000boUWSAYhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22899