Security News > 2020 > April > CISA Warns Patched Pulse Secure VPNs Could Still Expose Organizations to Hackers
The United States Cybersecurity and Infrastructure Security Agency yesterday issued a fresh advisory alerting organizations to change all their Active Directory credentials as a defense against cyberattacks trying to leverage a known remote code execution vulnerability in Pulse Secure VPN servers-even if they have already patched it.
The warning comes three months after another CISA alert urging users and administrators to patch Pulse Secure VPN environments to thwart attacks exploiting the vulnerability.
"Threat actors who successfully exploited CVE-2019-11510 and stole a victim organization's credentials will still be able to access - and move laterally through - that organization's network after the organization has patched this vulnerability if the organization did not change those stolen credentials," CISA said.
While on August 24, 2019, security intelligence firm Bad Packets was able to discover 14,528 unpatched Pulse Secure servers, a subsequent scan as of last month yielded 2,099 vulnerable endpoints, indicating that a vast majority of organizations have patched their VPN gateways.
In the face of ongoing attacks, it's recommended that organizations upgrade their Pulse Secure VPN, reset their credentials, and scan for unauthenticated log requests and exploit attempts.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/waVavmhAkK8/pulse-secure-vpn-vulnerability.html
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-08 | CVE-2019-11510 | Path Traversal vulnerability in Ivanti Connect Secure 8.2/8.3/9.0 In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability . | 10.0 |