Skip to content

Instantly share code, notes, and snippets.

@JGarciaSec
Last active August 17, 2022 07:52
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save JGarciaSec/2060ec1c8efc1d573a1ddb754c6b4f84 to your computer and use it in GitHub Desktop.
Save JGarciaSec/2060ec1c8efc1d573a1ddb754c6b4f84 to your computer and use it in GitHub Desktop.
Pulse Connect Secure CVE 2021-44720
[description]
Ivanti Pulse Connect Secure (PCS) before 9.1R12, stores the readable administrator password in the HTML source code at "Maintenance > Push Configuration > Targets > (target Name)". A read-only administrative user is able to escalate to a read-write administrative role with the credentials in the HTML source code.
------------------------------------------
[Vulnerability Type]
Incorrect Access Control
------------------------------------------
[Vendor of Product]
Pulse Secure - Ivanti
------------------------------------------
[Affected Product Code Base]
Pulse Connect Secure - before 9.1R12
------------------------------------------
[Impact Escalation of Privileges]
true
------------------------------------------
[Attack Vectors]
Hard coded admin password in HTML code
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true
------------------------------------------
[Discoverer]
Joel Garcia Santisima Trinidad from Secura.com
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment