Security News > 2021 > May > Pulse Secure VPNs Get Quick Fix for Critical RCE
Pulse Secure has issued a workaround for a critical remote-code execution vulnerability in its Pulse Connect Secure VPNs that may allow an unauthenticated, remote attacker to execute code as a user with root privileges.
May: Earlier this month, a critical zero-day flaw in Pulse Secure's Connect Secure VPN devices was being used by at least two advanced persistent threat groups, likely linked to China, to attack U.S. defense, finance and government targets, as well as victims in Europe.
That one wasn't a one-off: At the same time, Pulse Secure also patched three other security bugs, two of them also critical RCE vulnerabilities.
CISA told CNN that it was aware of at least five federal civilian agencies who were attacked through Pulse Secure VPNs. April: The FBI warned that a known arbitrary file-read Pulse Secure bug was part of five vulnerabilities under attack by the Russia-linked group known as APT29.
April: The Department of Homeland Security urged companies that use Pulse Secure VPNs to change their passwords for Active Directory accounts, because in many cases, attackers have already exploited CVE-2019-11510 to hoover up victims' credentials - and now are using those credentials to move laterally through organizations, DHS warned.
052521 13:35 UPDATE: Threatpost has requested details from Pulse Secure about whether a permanent fix is in the works.
News URL
https://threatpost.com/pulse-secure-vpns-critical-rce/166437/
Related news
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
- HPE warns of critical RCE flaws in Aruba Networking access points (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble (source)
- D-Link urges users to retire VPN routers impacted by unfixed RCE flaw (source)
- Hackers exploit critical bug in Array Networks SSL VPN products (source)
- Veeam warns of critical RCE bug in Service Provider Console (source)
- Exploit released for critical WhatsUp Gold RCE flaw, patch now (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-08 | CVE-2019-11510 | Path Traversal vulnerability in Ivanti Connect Secure 8.2/8.3/9.0 In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability . | 10.0 |