Overview
Pulse Connect Secure (PCS) gateway contains a buffer overflow vulnerability in Samba-related code that may allow an authenticated remote attacker to execute arbitrary code.
Description
CVE-2021-22908
PCS includes the ability to connect to Windows file shares (SMB). This capability is provided by a number of CGI scripts, which in turn use libraries and helper applications based on Samba 4.5.10. When specifying a long server name for some SMB.
minute read
Share this article:
One of the workaround XML files automatically deactivates protection from an earlier workaround: a potential path to older vulnerabilities being opened again.
Pulse Secure has issued a workaround for a critical remote-code execution (RCE) vulnerability in its Pulse Connect Secure (PCS) VPNs that may allow an unauthenticated, remote attacker to execute code as a user with root privileges.
Pulse Secure’s parent company, Ivanti, issued an out-of-band advisory on May 14. The company explained that this high-severity bug – identified as CVE-2021-22908 and rated CVSS 8.5 – affects Pulse Connect Secure versions 9.0Rx and 9.1Rx.
“Buffer Overflow in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user,” according to the advisory. “As of version 9.1R3, this permission is not enabled by default.”