[ SB 21.10 ] Out-of-Cycle Advisory: Pulse Connect Secure RCE Vulnerability (CVE-2021-22893)

Out-of-Cycle Advisory: Pulse Connect Secure RCE Vulnerability

A vulnerability was discovered under Pulse Connect Secure (PCS).
This includes an authentication bypass vulnerability that can allow an unauthenticated user to perform remote arbitrary file execution on the Pulse Connect Secure gateway. This vulnerability has a CVSS-Score of 10.

Pulse Secure released a tool Pulse Connect Secure (PCS) Integrity Checker/Assurance to check the integrity of affected appliances to check for compromise.

According to a report from FireEye (see link below), these vulnerabilities had been exploited by adversaries since early 2021

ps rce

2 rce

Updates

References





Fragen? Kontakt: info@zero.bs

taggy