Before you head off for the weekend, you have patched your Pulse Secure VPNs, right? Wouldn't want you to be pwned via a phishing link
2020-08-28 23:49

Stop us if you've heard this one before: a remote-code execution vulnerability needs patching in Pulse Secure VPNs. Professional code-probers at GoSecure uncovered a host of security flaws, including CVE-2020-8218, which it publicly disclosed this week after a patch was issued.

What we do know is that CVE-2020-8218 can be exploited to execute code on the VPN system by tricking an administrator into, say, opening a URL. "Many vulnerabilities had been found in previous versions of the VPN, so we were eager to see if we could find shortcomings of our own in the latest one," GoSecure's Jean-Frédéric Gauron explained.

"After some time, we did manage to find several new vulnerabilities that allow, among other things, an unauthenticated user to run arbitrary code remotely. The RCE itself requires to be authenticated with admin privileges but can also be triggered by an unsuspecting admin simply clicking on a malicious link."

Essentially, the Perl code powering the VPN's admin panel can be fooled into writing a user-controlled URL parameter to a cache file, and then passing that parameter from the cache file directly to the underlying operating system's command interpreter.
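
The pattern described above, reduced to a short Perl sketch as an added example (not Pulse Secure's code and not taken from GoSecure's write-up). The cache file, the allowed-value pattern and the `echo` command are assumptions standing in for the real admin-panel logic.

```perl
#!/usr/bin/perl
# Added illustration, not Pulse Secure's code: the cache file, the value
# pattern and the "echo" stand-in command are all hypothetical.
use strict;
use warnings;
use File::Temp qw(tempfile);

my $ALLOWED = qr/\A[A-Za-z0-9_.-]{1,64}\z/;   # assumed shape of a valid value

# The request handler stores a URL parameter in a cache file.
sub cache_param {
    my ($value) = @_;
    my ($fh, $path) = tempfile(UNLINK => 1);
    print {$fh} $value;
    close $fh or die "close: $!";
    return $path;
}

# A later step reads the cached text back.
sub read_cached {
    my ($path) = @_;
    open my $fh, '<', $path or die "open: $!";
    local $/;                                  # slurp the whole file
    my $value = <$fh>;
    close $fh;
    return $value;
}

# Flawed: the cached text is interpolated into one command string, so
# /bin/sh parses it and any shell metacharacters in it take effect.
sub run_unsafe { my $v = read_cached(shift); return `echo $v`; }

# Hardened: re-validate what came out of the cache, then pass it as a
# separate argv element (list-form open), so no shell is involved.
sub run_safe {
    my $v = read_cached(shift);
    die "rejected cached value\n" unless $v =~ $ALLOWED;
    open my $out, '-|', 'echo', $v or die "exec: $!";
    local $/;
    my $text = <$out>;
    close $out;
    return $text;
}

my $benign = cache_param('report-2020');
my $marked = cache_param('x; echo SHELL-PARSED');   # constructed sample
print "unsafe: ", run_unsafe($marked);   # the shell treats ';' as a separator
print "safe:   ", run_safe($benign);
eval { run_safe($marked); 1 } or print "safe:   $@";
```

The check is repeated at the point of use because a value read back from a cache file is no more trustworthy than the request it came from.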

Updating to Pulse Connect Secure 9.1R8 or Pulse Policy Secure 9.1R8 fixes CVE-2020-8218 as well as vulnerabilities found by others, including CVE-2020-8206 and CVE-2020-8221.


News URL

https://go.theregister.com/feed/www.theregister.com/2020/08/28/pulse_vpn_bugs/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK

2020-07-30 | CVE-2020-8206 | Improper Authentication vulnerability in multiple products | 8.1
An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a user's primary credentials to bypass the Google TOTP.
network, high complexity; pulsesecure, ivanti; CWE-287

2020-07-30 | CVE-2020-8218 | Code Injection vulnerability in multiple products | 7.2
A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to craft a URI to perform an arbitrary code execution via the admin web interface.
network, low complexity; pulsesecure, ivanti; CWE-94

2020-07-30 | CVE-2020-8221 | Path Traversal vulnerability in multiple products | 4.9
A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 which allows an authenticated attacker to read arbitrary files via the administrator web interface.
network, low complexity; pulsesecure, ivanti; CWE-22