Pulse Secure VPNs Get a Fix for Critical Zero-Day Bugs
Quote: Pulse Secure has rushed a fix for a critical zero-day security vulnerability in its Connect Secure VPN devices, which has been exploited by nation-state actors to launch cyberattacks against U.S. defense, finance and government targets, as well as victims in Europe. Pulse Secure also patched three other security bugs, two of them also critical RCE vulnerabilities.
 
The zero-day flaw, tracked as CVE-2021-22893, was first disclosed on April 20 and carries the highest possible CVSS severity score, 10 out of 10. An exploit allows remote code-execution (RCE) and two-factor authentication bypass. The bug is being used in the wild to gain administrator-level access to the appliances, according to research from Pulse Secure’s parent company, Ivanti.
 
It’s related to multiple use-after-free problems in Pulse Connect Secure before version 9.1R11.4, according to the advisory issued Tuesday, and “allows a remote unauthenticated attacker to execute arbitrary code via license server web services.” It can be exploited without any user interaction.
 
The activity level has been such that the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert warning businesses of the ongoing campaigns. These are being tracked by FireEye Mandiant as being carried out by two main advanced persistent threat (APT) clusters with links to China: UNC2630 and UNC2717.
 
In addition to the exploit for CVE-2021-22893, the campaigns involve 12 different malware families overall, Mandiant said. The malware is used for authentication-bypass and establishing backdoor access to the VPN devices, and for lateral movement.
 
“Nation-state hackers will forever pose a threat to businesses around the world,” Andrey Yesyev, director of cybersecurity at Accedian, said via email. “These types of attacks are almost impossible to detect and are increasingly dangerous for any organization’s sensitive data. Once hackers gain initial access to a victim’s network, they’ll move laterally in order to find valuable data. Furthermore, if they’re able to infiltrate an organization’s perimeter, bad actors could establish a connection to a command-and-control server (C2) – allowing them to control compromised systems and steal data from target networks.”

Read more: Pulse Secure VPNs Get a Fix for Critical Zero-Day Bugs | Threatpost
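The quoted advisory wording gives one concrete, checkable fact: appliances running Pulse Connect Secure before 9.1R11.4 are exposed to CVE-2021-22893. The script below is an added example (not code from the post, Threatpost, or Pulse Secure/Ivanti) that parses Pulse Connect Secure version strings and flags hosts that still need the fix. It assumes the version layout <major>.<minor>R<release>[.<maintenance>] and compares numerically, so that 9.1R11.10 sorts after 9.1R11.4; the inventory it runs over is constructed for illustration. It implements only the "before 9.1R11.4" rule stated above, so treat it as a triage aid rather than a substitute for the vendor advisory.

```python
import re
from typing import Dict, List, Tuple

# Fixed release named in the advisory quoted in the post above.
FIXED_VERSION = "9.1R11.4"

# Assumed version layout: <major>.<minor>R<release>[.<maintenance>]
# (an assumption of this example, not something the post states).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$")


def parse_pcs_version(version: str) -> Tuple[int, int, int, int]:
    """Turn a string like '9.1R11.4' into a comparable tuple (9, 1, 11, 4).

    A missing maintenance number (e.g. '9.1R11') is treated as 0, so that
    '9.1R11' sorts before '9.1R11.1'. Anything that does not match the
    assumed layout raises ValueError rather than silently comparing wrong.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Pulse Connect Secure version: {version!r}")
    major, minor, release, maint = m.groups()
    return (int(major), int(minor), int(release), int(maint or 0))


def is_affected_by_cve_2021_22893(version: str) -> bool:
    """True when the build sorts before 9.1R11.4, per the advisory wording."""
    return parse_pcs_version(version) < parse_pcs_version(FIXED_VERSION)


def triage(inventory: Dict[str, str]) -> List[str]:
    """Return the hostnames (sorted) whose reported build still needs the fix."""
    return sorted(host for host, ver in inventory.items()
                  if is_affected_by_cve_2021_22893(ver))


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "vpn-east-1": "9.1R11.3",   # one maintenance release short of the fix
    "vpn-east-2": "9.1R11.4",   # exactly the fixed build
    "vpn-west-1": "9.1R11",     # no maintenance number: treated as 9.1R11.0
    "vpn-west-2": "9.1R11.10",  # numerically later than .4, not a string compare
    "vpn-lab-1":  "9.0R3",      # older release line, sorts before 9.1R11.4
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} needs the CVE-2021-22893 fix")
```

Run it against an export of your appliance inventory; anything it lists should be patched or taken off the edge until it is, since the bug is exploitable by an unauthenticated remote attacker with no user interaction.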