Quote:Pulse Secure has issued a workaround for a critical remote-code execution (RCE) vulnerability in its Pulse Connect Secure (PCS) VPNs that may allow an unauthenticated, remote attacker to execute code as a user with root privileges.
 
Pulse Secure’s parent company, Ivanti, issued an out-of-band advisory on May 14. The company explained that this high-severity bug – identified as CVE-2021-22908 and rated CVSS 8.5 – affects Pulse Connect Secure versions 9.0Rx and 9.1Rx.
 
“Buffer Overflow in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user,” according to the advisory. “As of version 9.1R3, this permission is not enabled by default.”
 
The CERT Coordination Center issued a report about the vulnerability, explaining that the problem stems from a buffer overflow vulnerability in the PCS gateway. CERT/CC explained that the gateway’s ability to connect to Windows file shares through a number of CGI endpoints could be leveraged to carry out an attack.