A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2021-22900 | Ivanti Pulse Connect Secure Unrestricted File Upload Vulnerability | primary_impact | T1068 | Exploitation for Privilege Escalation |
Comments
This vulnerability is exploited through multiple unrestricted uploads. Adversaries with authenticated administrator privileges leverage this vulnerability to perform unauthorized file writes on the system via a maliciously crafted archive upload within the administrator web interface in Pulse Connect Secure.
References
|
| CVE-2021-22900 | Ivanti Pulse Connect Secure Unrestricted File Upload Vulnerability | exploitation_technique | T1059 | Command and Scripting Interpreter |
Comments
This vulnerability is exploited through multiple unrestricted uploads. Adversaries with authenticated administrator privileges leverage this vulnerability to perform unauthorized file writes on the system via a maliciously crafted archive upload within the administrator web interface in Pulse Connect Secure.
References
|