Pulse Secure Critical Zero-Day Security Bug Under Active Exploit
2021-04-21 15:35

A critical zero-day security vulnerability in Pulse Secure VPN devices has been exploited by nation-state actors to launch cyberattacks against U.S. defense, finance and government targets, as well as victims in Europe, researchers said.

Pulse Secure said that the zero-day will be patched in early May; in the meantime, the company worked with Ivanti to release both mitigations and the Pulse Connect Secure Integrity Tool, which helps determine whether systems have been impacted.

"The investigation shows ongoing attempts to exploit four issues: The substantial bulk of these issues involve three vulnerabilities that were patched in 2019 and 2020: Security Advisory SA44101, Security Advisory SA44588 and Security Advisory SA44601," according to a Pulse Secure statement provided to Threatpost.

CVE-2021-22893: A Zero-Day in Pulse Connect Secure VPNs

The newly discovered critical security hole is rated 10 out of 10 on the CVSS vulnerability-rating scale.

"The Pulse Connect Secure team is in contact with a limited number of customers who have experienced evidence of exploit behavior on their PCS appliances," according to Pulse Secure.

Earlier in April, the Department of Homeland Security urged companies that use Pulse Secure VPNs to change their passwords for Active Directory accounts, because in many cases, attackers have already exploited CVE-2019-11510 to hoover up victims' credentials - and now are using those credentials to move laterally through organizations, DHS warned.


News URL

https://threatpost.com/pulse-secure-critical-zero-day-active-exploit/165523/

Related Vulnerability

DATE: 2021-04-23
CVE: CVE-2021-22893
VULNERABILITY TITLE: Use After Free vulnerability in Ivanti Connect Secure 9.0/9.1
Description: Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway.
Attack vector: network, low complexity
Vendor / CWE: ivanti, CWE-416
RISK: critical, 10.0

DATE: 2019-05-08
CVE: CVE-2019-11510
VULNERABILITY TITLE: Path Traversal vulnerability in Ivanti Connect Secure 8.2/8.3/9.0
Description: In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability.
Attack vector: network, low complexity
Vendor / CWE: ivanti, CWE-22
RISK: critical, 10.0