CVE-2021-22893

CVE Database · CVE-2021-22893

CVE-2021-22893

· CRITICALAnalyzed

CVSS v3.1

10.0

EPSS

47.17%

Published

Apr 23, 2021

Modified

Dec 17, 2025

CISA Known Exploited Vulnerability

Added: 2021-11-03 · Due: 2022-05-03

Apply updates per vendor instructions.

Public PoC / Exploit (4)

All weaponized →

TrickestTrickest PoC index GitHub PoCZephrFish/CVE-2021-22893_HoneyPoC2★47 GitHub PoCorangmuda/CVE-2021-22893★7 GitHub PoCMRLEE123456/CVE-2021-22893★0

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Weaknesses (CWE)

CWE-287CWE-416

Affected Products (36)

ivanti · connect_securevulnerable