Tuesday 10 August 2021
The impact of this issue announcement is critical. Please act accordingly to rectify the issue, as stated below.
What you need to know:
Ivanti has shipped a security fix for a critical post-authentication remote code execution (RCE) vulnerability in Pulse Connect Secure VPN (CVE-2021-22937). The latest update is expected to address the uncontrolled archive extraction vulnerability which bypasses an earlier patch for CVE-2020-8260.
- Pulse Connect Secure (PCS) 9.11R11.5 and below
- PCS Appliances
Actions to be taken:
Administrators are recommended to upgrade to PCS 9.1R12 or later.