CVE-2021-22965

A vulnerability in Pulse Connect Secure before 9.1R12.1 could allow an unauthenticated administrator to causes a denial of service when a malformed request is sent to the device.

CVSS v3 7.5 HIGH
CVSS v2.0 7.8 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.8^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44879/?kA13Z000000L3ZF	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ivanti:connect_secure:9.1:-::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r1::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r10.0::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r10.2::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r11.0::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r11.1::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r11.3::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r11.4::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r12::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r2::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r3::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r4::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r4.1::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r4.2::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r4.3::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r5::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r6::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r7::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r8::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r8.1::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r8.2::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r8.4::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r9::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r9.1::::::
	cpe:2.3:a:ivanti:connect_secure:9.1:r9.2::::::
	cpe:2.3:a:pulsesecure:pulse_connect_secure::::::::

History

27 Feb 2024, 21:04

Type	Values Removed	Values Added
CPE	cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r5:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:-:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r11.0:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r4.1:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r8.4:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r6:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r11.3:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r9.2:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r9.1:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r10.0:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r1:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r11.1:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r4:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r4.2:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r7:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r8.1:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r4.3:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r10.2:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r11.4:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r8:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r8.2:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r2:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r3:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r12:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r9::::::	cpe:2.3:a:ivanti:connect_secure:9.1:r9.2:::::: cpe:2.3:a:ivanti:connect_secure:9.1:r10.2:::::: cpe:2.3:a:ivanti:connect_secure:9.1:r1:::::: cpe:2.3:a:ivanti:connect_secure:9.1:r11.4:::::: cpe:2.3:a:ivanti:connect_secure:9.1:r8.1:::::: cpe:2.3:a:ivanti:connect_secure:9.1:r7:::::: cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:::::: cpe:2.3:a:ivanti:connect_secure:9.1:r4:::::: cpe:2.3:a:ivanti:connect_secure:9.1:r9:::::: cpe:2.3:a:ivanti:connect_secure:9.1:r8:::::: cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:::::: cpe:2.3:a:ivanti:connect_secure:9.1:r8.4:::::: cpe:2.3:a:ivanti:connect_secure:9.1:r11.0:::::: cpe:2.3:a:ivanti:connect_secure:9.1:r8.2:::::: cpe:2.3:a:ivanti:connect_secure:9.1:r10.0:::::: cpe:2.3:a:ivanti:connect_secure:9.1:r11.1:::::: cpe:2.3:a:ivanti:connect_secure:9.1:r11.3:::::: cpe:2.3:a:ivanti:connect_secure:9.1:r2:::::: cpe:2.3:a:ivanti:connect_secure:9.1:r5:::::: cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:::::: cpe:2.3:a:ivanti:connect_secure:9.1:-:::::: cpe:2.3:a:ivanti:connect_secure:9.1:r12:::::: cpe:2.3:a:ivanti:connect_secure:9.1:r9.1:::::: cpe:2.3:a:ivanti:connect_secure:9.1:r6:::::: cpe:2.3:a:ivanti:connect_secure:9.1:r3::::::
First Time		Ivanti connect Secure Ivanti

23 Nov 2021, 13:16

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 7.8 v3 : 7.5
CWE		CWE-400
References	~~(MISC) https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44879/?kA13Z000000L3ZF -~~	(MISC) https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44879/?kA13Z000000L3ZF - Vendor Advisory
CPE		cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r9.2:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:::::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r2:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r10.0:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r11.0:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r4.2:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r1:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r11.4:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r5:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r12:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r11.1:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r4.3:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r6:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r4:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r10.2:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r8.1:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r7:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r9.1:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r11.3:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r4.1:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r8.4:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r8:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r9:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r3:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:-:::::: cpe:2.3:a:pulsesecure:pulse_connect_secure:9.1:r8.2::::::

19 Nov 2021, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-11-19 19:15

Updated : 2024-02-27 21:04

NVD link : CVE-2021-22965

Mitre link : CVE-2021-22965

CVE.ORG link : CVE-2021-22965

JSON object : View

Products Affected

ivanti

connect_secure

pulsesecure

pulse_connect_secure

CWE

CWE-400

Uncontrolled Resource Consumption

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.8 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2021-22965

7.5^/10

7.8^/10

Attach tags to `CVE-2021-22965`