PT-2021-15265 · Pulse · Pulse Connect Secure
Will Dormann · Published 2021-05-25 · Updated 2024-02-27
CVE-2021-22908
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Pulse Connect Secure versions 9.X through 9.1R2
Windows File Resource Profiles versions 9.X through 9.1R2
Description
A buffer overflow allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user. The permission to browse SMB shares is not enabled by default as of version 9.1R3.
Recommendations
For Pulse Connect Secure versions 9.X through 9.1R2, update to a version where this permission is not enabled by default, such as 9.1R3 or later.
For Windows File Resource Profiles versions 9.X through 9.1R2, consider disabling the SMB share browsing feature until a patch is available.
Fix
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Pulse Connect Secure