PT-2021-2786 · Pulse Secure · Pulse Connect Secure

Published: 2021-04-20 · Updated: 2025-05-23 · CVE-2021-22893

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Pulse Connect Secure versions 9.0R3/9.1R1 and higher

Description

The issue is related to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure. This vulnerability can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. The vulnerability has been exploited in the wild.

Recommendations

For Pulse Connect Secure versions 9.0R3/9.1R1 and higher, consider disabling the Windows File Share Browser and Pulse Secure Collaboration features as a temporary workaround until a patch is available. Restrict access to the Pulse Connect Secure gateway to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2021-02329
CVE-2021-22893

Affected Products

Pulse Connect Secure