![]() The initial security hole (CVE-2020-8260) stems from the uncontrolled gzip extraction issue present within Pulse Connect Secure interface. CVE-2021-22937 DescriptionĪccording to the in-depth inquiry by NCC Group, CVE-2021-22937 is a patch bypass for a high-severity flaw addressed in autumn 2020. The flaw is a bypass of the patch issued in October last year to mitigate the CVE-2020-8260, a notorious bug that allows malicious admins to execute arbitrary code remotely with root privileges. Ivanti has addressed a critical security hole (CVE-2021-22937) that affects its Pulse Connect Secure VPNs.
0 Comments
Leave a Reply. |