Pulse Secure Zero-Day Flaw Actively Exploited in Attacks
Multiple threat actors are actively targeting four vulnerabilities in Pulse Secure VPN appliances, including a zero-day identified this month that won't be patched until next month.
Tracked as CVE-2021-22893 and discovered in April 2021, the fourth vulnerability won't receive a patch until early May, but Pulse Secure says that it has already provided mitigations to a very limited number of customers affected.
Rated critical severity, the issue is described as an authentication bypass that could allow unauthenticated attackers to execute arbitrary files remotely on Pulse Connect Secure gateways.
According to FireEye, 12 malware families are currently actively engaged in the exploitation of vulnerable Pulse Secure VPN devices, yet they aren't necessarily related to one another, which suggests that multiple threat actors are responsible "for the creation and deployment of these various code families."
Leveraging harvested credentials from Pulse Secure VPN login flows, one threat actor was able to move laterally into the compromised networks and then employ modified Pulse Secure binaries and scripts on the VPN to maintain persistent access to the environment.
Pulse Secure has released an integrity checker tool to help customers assess any possible impact from the aforementioned vulnerabilities.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-04-23 | CVE-2021-22893 | Use After Free vulnerability in Ivanti Connect Secure 9.0/9.1. Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. | 10.0 |