Pulse Connect SecureÔ¶³Ì´úÂëÖ´Ðзì϶£¨CVE-2021-22893£©

°ä²¼¹¦·ò 2021-04-21

0x00 ·ì϶¸ÅÊö

CVE  ID

CVE-2021-22893

ʱ   ¼ä

2021-04-21

Àà   ÐÍ

RCE

µÈ   ¼¶

ÑϳÁ

Ô¶³ÌÀûÓÃ

ÊÇ

Ó°ÏìÁìÓò

 9.0R3<= PCS <9.1R.11.4

PoC/EXP


ÔÚÒ°ÀûÓÃ

ÊÇ

 

0x01 ·ì϶ÏêÇé

image.png

 

2021Äê04ÔÂ20ÈÕ£¬£¬£¬£¬£¬£¬PulseSecure°ä²¼°²È«²¼¸æ£¬£¬£¬£¬£¬£¬¹«¿ªÁËPulse Connect Secure£¨PCS£©ÖеÄÒ»¸öÉí·ÝÑéÖ¤Èƹý·ì϶£¨CVE-2021-22893£©£¬£¬£¬£¬£¬£¬¸Ã·ì϶µÄCVSSv3¸ù»ùµÃ·ÖΪ10.0·Ö¡£¡£¡£¡£¡£ ¡£Ô¶³Ì¹¥»÷Äܹ»Í¨¹ýÀûÓô˷ì϶ÔÚPulse Connect SecureÍø¹ØÉÏÖ´ÐÐËÁÒâ´úÂ룬£¬£¬£¬£¬£¬ÇҸ÷ì϶ÎÞÐè¾­¹ýÉí·ÝÑéÖ¤¼´¿ÉÀûÓᣡ£¡£¡£¡£ ¡£

Ä¿Ç°¸Ã·ì϶ÔÚÕë¶ÔÈ«Çò×éÖ¯µÄ¹¥»÷ÖÐÒѱ»»ý¼«ÀûÓ㬣¬£¬£¬£¬£¬¹¥»÷Õßͨ¹ý½«WebShell¸éÖÃÔÚPulse Connect SecureÉ豸ÉÏ£¬£¬£¬£¬£¬£¬ÒÔʵÏÖ½øÒ»²½µÄ½Ó¼ûºÍÓƾÃÐÔ¡£¡£¡£¡£¡£ ¡£ÒÑÖªµÄWebshellÓµÓÐÔ̺¬Éí·ÝÑéÖ¤Èƹý¡¢¶à³É·ÖÉí·ÝÑéÖ¤Èƹý¡¢ÃÜÂë¼Í¼ºÍÓƾÃÐԵȶàÖÖÖ°ÄÜ¡£¡£¡£¡£¡£ ¡£

 

0x02 ´ëÖý¨Òé

Ä¿Ç°PulseSecureÔÚPCS 9.1R.11.4°æ±¾Öн¨¸´ÁË´Ë·ì϶£¬£¬£¬£¬£¬£¬¸Ã·ì϶µÄ°²È«¸üÐÂÔ¤¼Æ½«ÓÚ5Ô³õ°ä²¼£¬£¬£¬£¬£¬£¬½¨ÒéʵʱÉý¼¶ÖÁ×îа汾¡£¡£¡£¡£¡£ ¡£´Ë±í£¬£¬£¬£¬£¬£¬Pulse Secure»¹°ä²¼ÁËPulse Connect°²È«ÆëÈ«ÐÔ¹¤¾ß£¬£¬£¬£¬£¬£¬ÒÔÔ®ÊÖ¿Í»§È·¶¨ÆäϵͳÊÇ·ñÊܵ½Ó°Ïì¡£¡£¡£¡£¡£ ¡£

»º½â´ëÊ©

ͨ¹ýµ¼ÈëWorkaround-2104.xmlÎļþÄܹ»»º½âCVE-2021-22893£¬£¬£¬£¬£¬£¬µ«¸ÃÎļþ»á½ûÓÃWindows File Share BrowserºÍPulse Secure CollaborationÖ°ÄÜ¡£¡£¡£¡£¡£ ¡£

 

ÏÂÔØÁ´½Ó£º

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784

 

0x03 ²Î¿¼Á´½Ó

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784

https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44755

https://us-cert.cisa.gov/ncas/alerts/aa21-110a

https://www.bleepingcomputer.com/news/security/pulse-secure-vpn-zero-day-used-to-hack-defense-firms-govt-orgs/

 

0x04 ¹¦·òÏß

2021-04-20  PluseSecure°ä²¼°²È«¹«¸æ

2021-04-21  VSRC°ä²¼°²È«¹«¸æ

 

0x05 ¸½Â¼

 

CVSSÆÀ·Ö³ß¶È¹ÙÍø£ºhttp://www.first.org/cvss/

image.png