Description
A buffer overflow vulnerability exists in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user. As of version 9.1R3, this permission is not enabled by default.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44800/
Third Party Advisory, US Government Resource
https://www.kb.cert.org/vuls/id/667933
Scores
CVSS v3
8.8
EPSS
0.3087
EPSS Percentile
96.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-120
Status
published
Products (3)
ivanti/connect_secure
9.0 (17 CPE variants)
ivanti/connect_secure
9.1 (8 CPE variants)
pulsesecure/pulse_connect_secure
9.0rx
Published
May 27, 2021
Tracked Since
Feb 18, 2026