CVE-2021-22893

ENISA EUVD: EUVD-2021-10025 ↗

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 5, 2026 12 articles Published: 2021-04-23

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

93.97%

probability

This CVE has a 93.97% probability of being exploited in the next 30 days.

0% Top 99.9th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

CRITICAL

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS v2 (legacy)

7.5

HIGH

Access Vector

Network

Access Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Description

VulnerabilityLookup (CNA)

Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.

Affected Products

n/a

Pulse Connect Secure

PCS 9.0R3 or above, PCS 9.1R1 and above

ivanti

connect secure

n/a

Pulse Connect Secure

PCS 9.0R3 or above, PCS 9.1R1 and above

Attack Intelligence

CWE-118 · Incorrect Access of Indexable Resource ('Range Error') CWE-119 · Buffer Overflow CWE-284 · Improper Access Control CWE-287 · Improper Authentication CWE-416 · Use After Free CWE-664 · Improper Control of a Resource Through its Lifetime CWE-666 · Operation on Resource in Wrong Phase of Lifetime CWE-672 · Operation on a Resource after Expiration or Release CWE-825 · Expired Pointer Dereference

Exploits & PoC

ZephrFish/CVE-2021-22893_HoneyPoC2

DO NOT RUN THIS.

47 2021-10-20

orangmuda/CVE-2021-22893

Proof On Concept — Pulse Secure CVE-2021-22893

7 2022-02-24

MRLEE123456/CVE-2021-22893

Pulse Connect Secure RCE Vulnerability (CVE-2021-22893)

0 2021-04-21

3 repos — triés par ⭐ Rechercher sur GitHub ↗

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/

x_refsource_MISC

https://blog.pulsesecure.net/pulse-connect-secure-security-update/

x_refsource_MISC

https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html

x_refsource_MISC

https://kb.cert.org/vuls/id/213092

x_refsource_MISC

Signal Intelligence

Confidenceⓘ

92%

EPSS 93.97%

CVSS v3.1 10

Mentions 12

Last Seen Jan 15, 2024

CNA Information

CNA Assigner

hackerone

Analyst Note

CVE-2021-22893 meets zero-day criteria: official vendor description explicitly states 'This vulnerability has been exploited in the wild,' published April 2021. Articles confirm active mass exploitation of Pulse Connect Secure zero-days contemporaneously. No evidence of prior public patch availability before exploitation reports.

Threat Actors 2

Kinsing

apt_group 🇷🇺 RU

TeamTNT

apt_group 🇩🇪 DE

Triage Info

Decided atMar 05, 2026

Published DateApr 23, 2021