Ivanti, the company behind Pulse Secure VPN appliances, has published a security advisory for a high severity vulnerability that may allow an authenticated remote attacker to execute arbitrary code with elevated privileges.
“Buffer Overflow in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user,” the company said in an alert published on May 14. “As of version 9.1R3, this permission is not enabled by default.”
The flaw, identified as CVE-2021-22908, has a CVSS score of 8.5 out of a maximum of 10 and impacts Pulse Connect Secure versions 9.0Rx and 9.1Rx. In a report detailing the vulnerability, the CERT Coordination Center said the issue stems from the gateway’s ability to connect to Windows file shares through a number of CGI endpoints that could be leveraged to carry out the attack.
“When specifying a long server name for some SMB operations, the ‘smbclt’ application may crash due to either a stack buffer overflow or a heap buffer overflow, depending on how long of a server name is specified,” CERT/CC detailed in a vulnerability note published on Monday, adding it was able to…