PT-2021-4940 · Pulse · Pulse Connect Secure

Published 2021-05-03 · Updated 2024-02-27 · CVE-2021-22899

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Pulse Connect Secure versions prior to 9.1R11.4

Description

The issue stems from insufficient input validation in the Resource Profiles component of Pulse Connect Secure, a VPN gateway for corporate networks. It is a command injection vulnerability: a remote authenticated attacker can achieve remote code execution by sending a specially crafted request through the Windows Resource Profiles feature.

Recommendations

For versions prior to 9.1R11.4, update to version 9.1R11.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the Windows Resource Profiles feature until a patch is applied.

Fix

RCE

OS Command Injection

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2021-05689
CVE-2021-22899

Affected Products

Pulse Connect Secure