Security News > 2021 > April > Pulse Secure Critical Zero-Day Security Bug Under Active Exploit
A critical zero-day security vulnerability in Pulse Secure VPN devices has been exploited by nation-state actors to launch cyberattacks against U.S. defense, finance and government targets, as well as victims in Europe, researchers said.
Pulse Secure said that the zero-day will be patched in early May; but in the meantime, the company worked with Ivanti to release both mitigations and the Pulse Connect Secure Integrity Tool, to help determine if systems have been impacted.
"The investigation shows ongoing attempts to exploit four issues: The substantial bulk of these issues involve three vulnerabilities that were patched in 2019 and 2020: Security Advisory SA44101, Security Advisory SA44588 and Security Advisory SA44601," according to a Pulse Secure statement provided to Threatpost.
CVE-2021-22893: A Zero-Day in Pulse Connect Secure VPNs. The newly discovered critical security hole is rated 10 out of 10 on the CVSS vulnerability-rating scale.
"The Pulse Connect Secure team is in contact with a limited number of customers who have experienced evidence of exploit behavior on their PCS appliances," according to Pulse Secure.
Earlier in April, the Department of Homeland Security urged companies that use Pulse Secure VPNs to change their passwords for Active Directory accounts, because in many cases, attackers have already exploited CVE-2019-11510 to hoover up victims' credentials - and now are using those credentials to move laterally through organizations, DHS warned.
News URL
https://threatpost.com/pulse-secure-critical-zero-day-active-exploit/165523/
Related news
- Stealthy Apache Tomcat Critical Exploit Bypasses Security Filters: Are You at Risk? (source)
- Choose your own Patch Tuesday adventure: Start with six zero day fixes, or six critical flaws (source)
- URGENT: Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- APTs have been using zero-day Windows shortcut exploit for eight years (ZDI-CAN-25373) (source)
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware (source)
- Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection (source)
- Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-23 | CVE-2021-22893 | Use After Free vulnerability in Ivanti Connect Secure 9.0/9.1 Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. | 10.0 |
| 2019-05-08 | CVE-2019-11510 | Path Traversal vulnerability in Ivanti Connect Secure 8.2/8.3/9.0 In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability . | 10.0 |