“The Pulse Connect Secure (PCS) team is in contact with a limited number of customers who have experienced evidence of exploit behavior on their PCS appliances,” according to Pulse Secure. Users can also use the blacklisting feature to disable URL-based attacks, the firm noted, by blocking the following URIs:
It disables the Windows File Share Browser and Pulse Secure Collaboration features on the appliance. The mitigations involve importing a file called “Workaround-2104.xml,” available on the advisory page.
“The Pulse Connect Secure vulnerability with CVE-2021-22893…can be exploited without any user interaction,” he added. “VPNs have become a prime target for cybercriminals and over the past few months.”
“The ongoing COVID-19 crisis resulted in an overnight shift to remote work culture, and VPNs played a critical role to make this possible,” Bharat Jogi, senior manager of vulnerability and threat research at Qualys, said via email.
It “poses a significant risk to your deployment,” according to the advisory, issued Tuesday. It’s an authentication bypass vulnerability that can allow an unauthenticated user to perform RCE on the Pulse Connect Secure gateway. The newly discovered critical security hole is rated 10 out of 10 on the CVSS vulnerability-rating scale.
“The new issue, discovered this month, impacted a very limited number of customers.”
CVE-2021-22893: A Zero-Day in Pulse Connect Secure VPNs
“The investigation shows ongoing attempts to exploit four issues: The substantial bulk of these issues involve three vulnerabilities that were patched in 20: Security Advisory SA44101 (CVE-2019-11510), Security Advisory SA44588 (CVE-2020-8243) and Security Advisory SA44601 (CVE-2020-8260),” according to a Pulse Secure statement provided to Threatpost.
Pulse Secure said that the zero-day will be patched in early May but in the meantime, the company worked with Ivanti (its parent company) to release both mitigations and the Pulse Connect Secure Integrity Tool, to help determine if systems have been impacted. The flaw, tracked as CVE-2021-22893, allows remote code-execution (RCE) and is being used in the wild to gain administrator-level access to the appliances, according to Ivanti research.