CVE-2021-22899: 
Ivanti Connect Secure vulnerability analysis and mitigation

A command injection vulnerability (CVE-2021-22899) was discovered in Pulse Connect Secure versions before 9.1R11.4. The vulnerability was disclosed in April 2021 and affects the Windows Resource Profiles Feature, allowing remote authenticated attackers to perform remote code execution (NVD).

The vulnerability is classified as a command injection flaw (CWE-77) that enables authenticated attackers to execute arbitrary code. It received a CVSS v3.1 base score of 8.8 HIGH (Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity with network-based attack vector, low attack complexity, and requiring low privileges (NVD).

The vulnerability enables attackers to harvest credentials and move laterally within affected environments. It has particularly impacted defense, government, and financial organizations worldwide. The exploitation provides attackers with the ability to execute arbitrary code on vulnerable systems, potentially leading to complete system compromise (TechTarget).

Pulse Secure developed an Identity Checker tool for immediate mitigation. The Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive requiring federal agencies to assess and mitigate any anomalous activity. A final patch was scheduled for release in early May 2021 through version 9.1R11.4 (TechTarget).

The severity of the vulnerability prompted immediate response from government agencies, with CISA issuing an emergency directive for federal civilian departments. Security researchers noted that VPNs are particularly valuable targets for cyberespionage groups as they contain critical information and are exposed to the internet by design (TechTarget).