A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room.
Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
CVE-2021-22894 | Ivanti Pulse Connect Secure Collaboration Suite Buffer Overflow Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter |
Comments
This vulnerability is exploited through a buffer overflow weakness. Remote authenticated attackers leverage this vulnerability to perform arbitrary code execution with root privileges on the Pulse Connect Secure gateway by manipulating input buffers.
References
|
CVE-2021-22894 | Ivanti Pulse Connect Secure Collaboration Suite Buffer Overflow Vulnerability | exploitation_technique | T1078 | Valid Accounts |
Comments
This vulnerability is exploited through a buffer overflow weakness. Remote authenticated attackers leverage this vulnerability to perform arbitrary code execution with root privileges on the Pulse Connect Secure gateway by manipulating input buffers.
References
|