Hackers Utilizing Zero-Day in Pulse Secure VPN for Remote-Code-Execution

Saturday, April 24th, 2021 | , ,

A new zero-day exploit, tracked as CVE-2021-22893, has been being used by threat actors and nation-state actors to launch cyberattacks against U.S. defense, financial, and government targets, as well as victims in Europe.

The flaw allows remote code-execution (RCE) and is being used in the wild to gain administrator-level access to the appliances, according to Ivanti research. Pulse Secure said that the zero-day will be patched in early May; but in the meantime, the company worked with researchers to release both mitigations and the Pulse Connect Secure Integrity Tool, to help determine if systems have been impacted.

“The investigation shows ongoing attempts to exploit four issues: The substantial bulk of these issues involve three vulnerabilities that were patched in 2019 and 2020:  Security Advisory SA44101 (CVE-2019-11510), Security Advisory SA44588 (CVE-2020-8243) and Security Advisory SA44601 (CVE-2020-8260),” according to a Pulse Secure statement provided to Threatpost. “The new issue, discovered this month, impacted a very limited number of customers.”

The newly discovered critical security hole is rated 10 out of 10 on the CVSS vulnerability-rating scale. It’s an authentication bypass vulnerability that can allow an unauthenticated user to perform RCE on the Pulse Connect Secure gateway. It “poses a significant risk to your deployment,” according to the advisory, issued Tuesday.

Further Reading

SA44101 – 2019-04

SA44588 – 2020-09

Pulse Connect Secure Integrity Tool

Share this: