CVE-2021-22899
Published: 27 May 2021
Summary
CVE-2021-22899 is a high-severity Command Injection (CWE-77) vulnerability in Pulse Connect Secure (now sold as Ivanti Connect Secure). Its CVSS base score is 8.8 (High).
Operationally, it ranks in the top 4.5% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog, so patching should be treated as urgent rather than routine.
The strongest mitigations our analysis identified are NIST SP 800-53 SI-2 (Flaw Remediation) and CM-7 (Least Functionality).
Deeper analysis
A command injection vulnerability tracked as CVE-2021-22899 affects Pulse Connect Secure versions prior to 9.1R11.4. The flaw resides in the Windows Resource Profiles feature and is classified under CWE-77, enabling an attacker to inject and execute arbitrary operating-system commands.
A remote attacker who has already authenticated to the appliance can exploit the issue over the network without user interaction. Successful exploitation grants the attacker full remote code execution with the privileges of the vulnerable process, resulting in complete confidentiality, integrity, and availability impact as reflected by the CVSS 8.8 score.
The vendor advisory SA44784 recommends upgrading to Pulse Connect Secure 9.1R11.4 or later to remediate the flaw. The vulnerability is also listed in CISA’s Known Exploited Vulnerabilities catalog, confirming observed in-the-wild exploitation.
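As an added example written for this page (not code from the page, from Pulse Secure, or from Ivanti), the following Python checks an inventory of appliance version strings against the 9.1R11.4 fix level named in SA44784. It assumes that Pulse Connect Secure version strings take the shape major.minorRrelease[.build] (an assumption made for the example, not a vendor-documented grammar), and the inventory it runs over is constructed for illustration; it does not contact any appliance.

```python
import re
from typing import Dict, Iterable, List, Tuple

# Fix level stated in SA44784 for CVE-2021-22899 (taken from the advisory text above).
FIXED_VERSION = "9.1R11.4"

# ASSUMPTION for this example: version strings look like <major>.<minor>R<release>[.<build>],
# e.g. "9.1R11.4" or "9.1R12". This is not a vendor-documented grammar.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$", re.IGNORECASE)

VersionTuple = Tuple[int, int, int, int]


def parse_version(version: str) -> VersionTuple:
    """Parse a Pulse Connect Secure style version string into a comparable tuple.

    A missing build component is treated as 0, so "9.1R11" sorts before "9.1R11.4".
    Raises ValueError for strings that do not match the assumed shape.
    """
    match = _VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, release, build = match.groups()
    return int(major), int(minor), int(release), int(build or 0)


def is_vulnerable(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True if `version` is strictly older than the fixed release.

    This applies the page's wording ("before 9.1R11.4") literally across all
    release trains, so 9.0Rx builds are reported as vulnerable too. Confirm
    train-specific guidance against SA44784 before acting on a result.
    """
    return parse_version(version) < parse_version(fixed)


def triage(inventory: Iterable[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Split (hostname, version) pairs into needs_patch / patched / unparseable.

    Unparseable versions are surfaced separately rather than silently treated
    as safe: an appliance whose version cannot be read still needs a manual look.
    """
    result: Dict[str, List[str]] = {"needs_patch": [], "patched": [], "unparseable": []}
    for host, version in inventory:
        try:
            vulnerable = is_vulnerable(version)
        except ValueError:
            result["unparseable"].append(host)
            continue
        result["needs_patch" if vulnerable else "patched"].append(host)
    return result


# Constructed sample inventory for illustration only; these are not real hosts.
SAMPLE_INVENTORY = [
    ("vpn-edge-1", "9.1R11.3"),
    ("vpn-edge-2", "9.1R11.4"),
    ("vpn-lab", "9.0R3.4"),
    ("vpn-dr", "9.1R12"),
    ("vpn-legacy", "8.3R7"),
    ("vpn-unknown", "n/a"),
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

A version check only tells you which appliances still expose the flaw. Because CISA's KEV listing records exploitation in the wild, any appliance that ran a vulnerable build while reachable by authenticated users should also be reviewed for signs of prior compromise, not just upgraded.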
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-10031
Vulnerability details
A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 that allows a remote authenticated attacker to achieve remote code execution via the Windows Resource Profiles feature.
- CWE(s): CWE-77 (Command Injection)
- KEV Date Added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly requires applying the vendor patch, i.e. upgrading to Pulse Connect Secure 9.1R11.4 or later per SA44784, to remediate the command-injection flaw.
- CM-7 (Least Functionality): restricts activation of the Windows Resource Profiles feature that contains the injection vulnerability, reducing attack surface until the upgrade is applied.
- Monitoring: enables monitoring of command execution and anomalous behavior that would indicate exploitation of the RCE flaw. Because exploitation has been observed in the wild, appliances that ran a vulnerable version should also be reviewed for signs of prior compromise.