CVE-2021-22893 Ivanti CVE debrief

Who should care

Security teams responsible for Ivanti Pulse Connect Secure, especially organizations exposing the service to the internet or using it for remote access. Incident response, vulnerability management, and identity/network teams should also track this CVE because it is in CISA KEV.

Technical summary

The supplied records identify CVE-2021-22893 as a use-after-free issue affecting Ivanti Pulse Connect Secure. CISA’s KEV entry states the required action is to apply updates per vendor instructions and references ED 21-03 for further guidance. The vulnerability was added to KEV on 2021-11-03 with a due date of 2022-05-03.

Defensive priority

High

Recommended defensive actions

• Apply Ivanti-provided updates for Pulse Connect Secure as directed by the vendor.
• Use CISA ED 21-03 guidance to confirm remediation and any required checks.
• Prioritize exposure review for any internet-facing Pulse Connect Secure deployments.
• Verify whether affected appliances were present during the remediation window and assess for signs of compromise.
• Track this CVE in vulnerability and asset inventories as a known exploited issue.

Evidence notes

Evidence is limited to the supplied CISA KEV source item and official links. The record identifies the product as Ivanti Pulse Connect Secure, the vulnerability as a use-after-free, the KEV dateAdded as 2021-11-03, dueDate as 2022-05-03, and knownRansomwareCampaignUse as Known. No CVSS score was provided in the corpus, so no severity score is asserted here.

Official resources