CVE-2021-22893
CRITICAL KEV RANSOMWAREPulse Connect Secure >=9.0R3/9.1R1 - Auth Bypass
Title source: llmExploitation Summary
CVE-2021-22893 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021, with confirmed use in ransomware campaigns. EIP tracks 10 public exploits from researchers including ZephrFish, orangmuda, MRLEE123456.
AI-analyzed exploit summary This repository is a honeypot (HoneyPoC) designed to deceive users into thinking it is a functional exploit for CVE-2021-22893. The script contains no actual exploit code but instead outputs misleading messages and includes a dangerous command (`rm -rvf /* --no-preserve-root`) that could cause system damage if executed.
Description
Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.
Exploits (10)
This repository is a honeypot (HoneyPoC) designed to deceive users into thinking it is a functional exploit for CVE-2021-22893. The script contains no actual exploit code but instead outputs misleading messages and includes a dangerous command (`rm -rvf /* --no-preserve-root`) that could cause system damage if executed.
The repository claims to be a PoC for CVE-2021-22893 but contains a fake exploit script that outputs misleading messages and does not actually exploit the vulnerability. The script is deceptive and includes humorous or nonsensical content.
The repository contains only a minimal Python file and a README with a Shodan query, lacking any functional exploit code or technical details about CVE-2021-22893.
The repository claims to be a PoC for CVE-2021-22893 but contains a deceptive script that simulates an exploit while actually performing harmless actions like listing directories and printing misleading messages. It includes commented-out Metasploit-like payloads and lyrics, indicating an attempt to mimic a real exploit without functional malicious code.
The repository claims to be a PoC for CVE-2021-22893 but is actually a fake exploit that simulates harmful actions (e.g., deleting the root filesystem) without any real exploitation logic. It includes deceptive comments and lyrics to mislead users.
The repository claims to be a PoC for CVE-2021-22893 but contains a fake exploit script that simulates harmful actions (e.g., deleting the root filesystem) without actually exploiting the vulnerability. The script is deceptive and includes irrelevant comments about Windows XP NX bypasses, which are unrelated to the CVE.
The repository claims to be a PoC for CVE-2021-22893 but is actually a fake exploit that simulates harmful actions (e.g., deleting the root filesystem) without any real exploitation logic. It is designed to deceive users into believing it is functional.
The repository claims to be a PoC for CVE-2021-22893 but is actually a fake exploit that simulates harmful actions (e.g., deleting the root filesystem) without any real exploitation logic. It includes deceptive comments and lyrics to mislead users.
The repository claims to be a PoC for CVE-2021-22893 but is actually a fake exploit that simulates harmful actions (e.g., deleting the root filesystem) without any real exploitation logic. It is designed to deceive users into believing it is functional.
This repository is a honeypot (HoneyPoC) designed to deceive users into thinking it contains a functional exploit for CVE-2021-22893. The script contains no actual exploit code but instead performs harmless actions while pretending to execute destructive commands.
References (6)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H