A widely deployed SSL VPN device known as Pulse Connect Secure has been revealed to have a serious vulnerability that can be exploited remotely and carries a Common Vulnerability Scoring System score of 10, the maximum possible.
This, and three other vulnerabilities that were discovered earlier by Pulse Secure, the owner of Pulse Connect Secure, are being exploited by malicious attackers, according to a blog post by security vendor FireEye.
Details of the vulnerability were released overnight by the maker of the device. A workaround was also provided, but a final patch will arrive only next month. The other three vulnerabilities that are being exploited have already been patched but the take-up of patches appears to have been very slow.
A security advisory said the vulnerability included an authentication bypass that could allow an unauthenticated user to carry out remote execution of an arbitrary file on the Pulse Connect Secure Gateway.
In a statement, Phil Richards, the chief security officer of the company, said: “The Pulse Secure team recently discovered that a limited number of customers have experienced evidence of exploit behavior on their Pulse Connect Secure appliances.
The very annoying thing about this is when the first bug in Pulse came out, YOU SHOULD HAVE UNINSTALLED IT FROM YOUR NETWORK. Patching as a risk mitigation method is what screwed you here, and everyone involved should be fired. https://t.co/aU2Aiti0RC
— daveaitel (@daveaitel) April 20, 2021
“We have discovered four issues, the bulk of which involve three vulnerabilities that were patched in 2019 and 2020: Security Advisory SA44101 (CVE-2019-11510), Security Advisory SA44588 (CVE-2020-8243) and Security Advisory SA44601 (CVE-2020-8260).
“There is a new issue, discovered this month, that impacted a very limited number of customers. The team worked quickly to provide mitigations directly to the limited number of impacted customers that remediates the risk to their system. We will be releasing a software update in early May. Visit Security Advisory SA44784 (CVE-2021-22893) for more information.”
FireEye said in its post that its Mandiant division had responded to multiple incidents involving Pulse Secure VPN appliances being compromised.
A total of 12 malware families were being tracked in connection with these compromises, the security vendor said. “These families are related to the circumvention of authentication and backdoor access to these devices, but they are not necessarily related to each other and have been observed in separate investigations. It is likely that multiple actors are responsible for the creation and deployment of these various code families.”
The company said it had investigated multiple intrusions at defence, government, and financial organisations around the world earlier this year and in each case the first indications of attacker activity were traceable back to DHCP IP address ranges belonging to Pulse Secure VPN appliances in the affected environment.
“In many cases, we were not able to determine how actors obtained administrator-level access to the appliances. However, based on analysis by Ivanti [the parent company of Pulse Secure], we suspect some intrusions were due to the exploitation of previously disclosed Pulse Secure vulnerabilities from 2019 and 2020 while other intrusions were due to the exploitation of CVE-2021-22893,” FireEye added.