January 2020 – Media reports cybercriminals now targeting unpatched Pulse Secure VPN servers to install REvil (Sodinokibi) ransomware.Octo– The CERT Coordination Center (CERT/CC) releases Vulnerability Note VU#927237: Pulse Secure VPN contains multiple vulnerabilities.Octo– The National Security Agency (NSA) produces a Cybersecurity Advisory on Pulse Secure and other VPN products being targeted actively by advanced persistent threat actors.Aug– Bad Packets identifies over 14,500 vulnerable VPN servers globally still unpatched and in need of an upgrade.Aug– Meh Chang and Orange Tsai demonstrate the VPN issues across multiple vendors (Pulse Secure) with detailed attack on active VPN exploitation.J– Full use of exploit demonstrated using the admin session hash to get complete shell.– Large commercial vendors get reports of vulnerable VPN through HackerOne.Ap– Pulse Secure releases initial advisory and software updates addressing multiple vulnerabilities.ĬISA expects to see continued attacks exploiting unpatched Pulse Secure VPN environments and strongly urges users and administrators to upgrade to the corresponding fixes. Īlthough Pulse Secure disclosed the vulnerability and provided software patches for the various affected products in April 2019, the Cybersecurity and Infrastructure Security Agency (CISA) continues to observe wide exploitation of CVE-2019-11510. Affected organizations that have not applied the software patch to fix an arbitrary file reading vulnerability, known as CVE-2019-11510, can become compromised in an attack. Pulse Secure provides the PCS Integrity Assurance tool to validate you systems.Unpatched Pulse Secure VPN servers continue to be an attractive target for malicious actors. Improving the protection for license servers can be achieved on firewall level, by limiting the possibilities to connect to them.Īfter applying the work around you should check for earlier compromise, since the vulnerabilities are actively abused. The work around is not recommended for license servers. Two features of the appliance will be disabled: Windows File Share Browser and Pulse Secure Collaboration.Īppliances running PCS versions 9.0R1 – 9.0R4.1 or 9.1R1-9.1R2 should be updated before the work around can be applied. Northwave recommends to apply this workaround. Pulse Secure provides a work around on their website for some affected systems which prevents abuse of the vulnerability since an actual bug fix is not ready yet. Because no credentials are needed to execute the attack, we estimate the risk as high. Thus, we estimate the impact as high.īy their nature, most Pulse Connect Secure appliances are publicly accessible. There are known cases in which attackers gained persistence by installing web shells during their attack. If you would like to send feedback on this Pulse Client directly to representatives of Pulse Secure, please email us at pulse-universal-feedbackpulsesecure. Learn more by consulting the Pulse Secure Universal App for Windows, Quick Start Guide. The affected software versions are Pulse Connect Secure (PCS) versions 9.0R3 and higher.īy exploiting this vulnerability a threat actor gains remote code execution capabilities on the appliance running Pulse Connect Secure. The Pulse Client is not a personal VPN application and does not support the PPTP or L2TP protocols. The vulnerability has been scored at the maximum value within the CVSS 3.1 framework, namely 10.0. In this message, we want to warn you about the threat and inform you about the possible mitigation steps.įireEye released information about a vulnerability in Pulse Secure VPN, registered with CVE-2021-22893. On Tuesday 20 April, FireEye published information about an actively exploited vulnerability in Pulse Secure VPN.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |