NVD Vulnerability Detail

CVE-2021-22893

Summary	Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.
Publication Date	April 24, 2021, 2:15 a.m.
Registration Date	April 24, 2021, 10:02 a.m.
Last Update	Nov. 21, 2024, 2:50 p.m.

CVSS3.1 : CRITICAL
スコア	10.0
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	不要
利用者の関与(UI)	不要
影響の想定範囲(S)	変更あり
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高

CVSS2.0 : HIGH
Score	7.5
Vector	AV:N/AC:L/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:ivanti:connect_secure:9.1:r1::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r2::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r3::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r4::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r4.1::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r4.2::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r4.3::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r5::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r6::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r7::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r8::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r8.1::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r8.2::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r9::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r9.1::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r11.3::::::
cpe:2.3:a:ivanti:connect_secure:9.0:r1::::::
cpe:2.3:a:ivanti:connect_secure:9.0:r2::::::
cpe:2.3:a:ivanti:connect_secure:9.0:r2.1::::::
cpe:2.3:a:ivanti:connect_secure:9.0:r3::::::
cpe:2.3:a:ivanti:connect_secure:9.0:r3.1::::::
cpe:2.3:a:ivanti:connect_secure:9.0:r3.2::::::
cpe:2.3:a:ivanti:connect_secure:9.0:r3.3::::::
cpe:2.3:a:ivanti:connect_secure:9.0:-::::::
cpe:2.3:a:ivanti:connect_secure:9.0:r3.5::::::
cpe:2.3:a:ivanti:connect_secure:9.0:r4::::::
cpe:2.3:a:ivanti:connect_secure:9.0:r4.1::::::
cpe:2.3:a:ivanti:connect_secure:9.0:r5.0::::::
cpe:2.3:a:ivanti:connect_secure:9.0:r6.0::::::
cpe:2.3:a:ivanti:connect_secure:9.1:-::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r8.4::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r9.2::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r10.0::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r10.2::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r11.0::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r11.1::::::

Related information, measures and tools

No	URL	タグ
1	https://blog.pulsesecure.net/pulse-connect-secure-security-update/	Vendor Advisory
2	https://blog.pulsesecure.net/pulse-connect-secure-security-update/	Vendor Advisory
3	https://kb.cert.org/vuls/id/213092	Third Party Advisory US Government Resource
4	https://kb.cert.org/vuls/id/213092	Third Party Advisory US Government Resource
5	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/	Vendor Advisory
6	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/	Vendor Advisory
7	https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html	Third Party Advisory
8	https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html	Third Party Advisory
9	https://www.kb.cert.org/vuls/id/213092

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-416	解放済みメモリの使用	https://cwe.mitre.org/data/definitions/416.html

JVN Vulnerability Information

Pulse Connect Secure に任意コード実行の脆弱性

Title	Pulse Connect Secure に任意コード実行の脆弱性
Summary	Pulse Connect Secure には任意コード実行の脆弱性が存在します。 Pulse Connect Secure の持つ Windows File Share Browser および Pulse Secure Collaboration 機能に、認証を回避し任意のコード実行を可能とする脆弱性 (CVE-2021-22893) が発見されました。 FireEye が公開した<a href="https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html" target="_blank">レポート</a>によると、2021年4月21日現在、本脆弱性や既知の脆弱性を悪用した攻撃がすでに確認されています。
Possible impacts	遠隔の第三者によって細工されたリクエストを Pulse Connect Secure が受信することにより、認証を回避され、当該機器上で任意のコードを実行される可能性があります。
Solution	[アップデートする] 開発者が提供する情報をもとに、最新版にアップデートしてください。開発者は、本脆弱性を修正した次のバージョンをリリースしています。　* Pulse Connect Secure 9.1R11.4 [ワークアラウンドを適用する] 開発者は回避策として次のxmlファイルの適用を推奨しています。　* <a href="https://my.pulsesecure.net/" target="_blank">Workaround-2104.xml</a> このファイルを適用することにより、Windows File Share Browser と Pulse Secure Collaboration が無効化されます。ただし、このXMLは version 9.0R1 から 9.0R4.1 および 9.1R1 から 9.1R2 では動作しません。これらのバージョンを使用している場合は、PCS をアップデートしてから適用する必要があります。また、開発者は Pulse Secure Connect で不審なファイルの設置や改ざんが行われていないか確認するためのツール <a href="https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44755" target="_blank">Pulse Connect Secure Integrity Tool</a> を公開しています。詳細は開発者が提供する情報を参照してください。
Publication Date	April 21, 2021, midnight
Registration Date	April 22, 2021, 2:50 p.m.
Last Update	May 7, 2021, 4:57 p.m.

Affected System

パルスセキュア

Pulse Connect Secure (PCS) version 9.0R3 およびそれ以降

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2021-22893	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22893

ベンダー情報

No	Name	URL
Security Advisories
1	KB44755 - Pulse Connect Secure (PCS) Integrity Assurance	https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44755/
2	SA44784 - 2021-04: Out-of-Cycle Advisory: Multiple Vulnerabilities Resolved in Pulse Connect Secure 9.1R11.4	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/

その他

No	Name	URL
JPCERT 緊急報告
1	Pulse Connect Secureの脆弱性 (CVE-2021-22893) に関する注意喚起	https://www.jpcert.or.jp/at/2021/at210019.html
JVN
2	JVNVU#94842247	http://jvn.jp/cert/JVNVU94842247
US-CERT Current Activity
3	CISA Issues Emergency Directive on Pulse Connect Secure	https://us-cert.cisa.gov/ncas/current-activity/2021/04/20/cisa-issues-emergency-directive-pulse-connect-secure
4	CISA Releases Alert on Exploitation of Pulse Connect Secure Vulnerabilities	https://us-cert.cisa.gov/ncas/current-activity/2021/04/20/cisa-releases-alert-exploitation-pulse-connect-secure
US-CERT Vulnerability Note
5	VU#213092	https://kb.cert.org/vuls/id/213092
関連文書
6	Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day	https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html

Change Log

No	Changed Details	Date of change
1	[2021年04月22日] 掲載	April 22, 2021, 2:50 p.m.
2	[2021年05月07日] 対策：内容を更新ベンダ情報：内容を更新	May 7, 2021, 10:49 a.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:ivanti:connect_secure:9.1:r1::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r2::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r3::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r4::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r4.1::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r4.2::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r4.3::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r5::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r6::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r7::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r8::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r8.1::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r8.2::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r9::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r9.1::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r11.3::::::
cpe:2.3:a:ivanti:connect_secure:9.0:r1::::::
cpe:2.3:a:ivanti:connect_secure:9.0:r2::::::
cpe:2.3:a:ivanti:connect_secure:9.0:r2.1::::::
cpe:2.3:a:ivanti:connect_secure:9.0:r3::::::
cpe:2.3:a:ivanti:connect_secure:9.0:r3.1::::::
cpe:2.3:a:ivanti:connect_secure:9.0:r3.2::::::
cpe:2.3:a:ivanti:connect_secure:9.0:r3.3::::::
cpe:2.3:a:ivanti:connect_secure:9.0:-::::::
cpe:2.3:a:ivanti:connect_secure:9.0:r3.5::::::
cpe:2.3:a:ivanti:connect_secure:9.0:r4::::::
cpe:2.3:a:ivanti:connect_secure:9.0:r4.1::::::
cpe:2.3:a:ivanti:connect_secure:9.0:r5.0::::::
cpe:2.3:a:ivanti:connect_secure:9.0:r6.0::::::
cpe:2.3:a:ivanti:connect_secure:9.1:-::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r8.4::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r9.2::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r10.0::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r10.2::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r11.0::::::
cpe:2.3:a:ivanti:connect_secure:9.1:r11.1::::::