CVE-2021-22894 — Ivanti Pulse Connect Secure Collaboration Suite Buffer Overflow Vulnerability

2021-11-03 • CISA Known Exploited Vulnerability

[event] Ivanti Pulse Connect Secure Collaboration Suite contains a buffer overflow vulnerabilities that allows a remote authenticated users to execute code as the root user via maliciously crafted meeting room.

> AFFECTED SOFTWARE

Field	Value
Vendor	Ivanti
Product	Pulse Connect Secure
CWE	CWE-94
CVE ID	CVE-2021-22894
Date Added	2021-11-03
Due Date	2022-05-03
Ransomware Campaign	Unknown

> MITIGATION

Apply updates per vendor instructions.

Due Date: 2022-05-03

> REFERENCES

[1] https://www.cisa.gov/news-events/directives/ed-21-03-mitigate-pulse-connect-secu...
[2] https://nvd.nist.gov/vuln/detail/CVE-2021-22894