CVE-2021-22937

Name of the Vulnerable Software and Affected Versions Pulse Connect Secure versions prior to 9.1R12

Description The issue allows an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface. This could potentially enable a remote attacker to execute arbitrary code by uploading a specially crafted archive through the administrator web interface.

Recommendations For Pulse Connect Secure versions prior to 9.1R12, update to version 9.1R12 or later to resolve the issue. As a temporary workaround, consider restricting access to the administrator web interface to minimize the risk of exploitation. Avoid using the feature that allows uploading archives until the issue is resolved.