VULNERABILITY IN PULSE SECURE: PULSE CONNECT SECURE (PCS)

Reference:
Advisory #2021-007

Version:
1.0

Affected software:
Pulse Connect Secure (PCS) version 9.0R3 and higher

Type:
Authentication by-pass, Remote code execution

CVE/CVSS:
CVE-2021-22893 - 10 (CVSS 3.0)

Sources

Pulse Connect Secure Security Update - Pulse SecureBlog

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784

https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44755

Risks

A vulnerability was discovered under Pulse Connect Secure (PCS).  This includes an authentication by-pass vulnerability (CVE-2021-22893) that can allow an unauthenticated user to perform remote arbitrary file execution on the Pulse Connect Secure gateway.

Description

Threat actors are actively unleashing attacks that attempt to steal encryption keys, passwords and other sensitive data from vulnerable Pulse Secure VPN servers.

An authentication by-pass vulnerability (CVE-2021-22893) in the components Windows File Share Browser and Pulse Secure Collaboration of Pulse Connect Secure may allow an unauthenticated attacker to execute arbitrary code on the target system.

Recommended Actions

CERT.be recommends all system administrators to upgrade their vulnerable Pulse Secure instances to version 9.1R11.4 minimum once available. Meanwhile, you can use The Pulse Security Integrity Checker Tool to see if you have been compromised.

References

https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html

https://www.bleepingcomputer.com/news/security/pulse-secure-vpn-zero-day-used-to-hack-defense-firms-govt-orgs/