Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Pulse Connect Secure. Show all posts

Over 4,000 Vulnerable Pulse Connect Secure Hosts Exposed to Internet


After CISA published a report in April 2021, cautioning online users regarding the exploitations of Pulse Connect secure vulnerabilities, researchers at cybersecurity firm, Censys, found that 4,460 Pulse Connect Secure hosts out of 30,266 appliances exposed to the internet are void of security patches.

Pulse Connect Secure

Regarded as the most extensively used SSL VPN solution, Pulse Connect Secure offers remote and mobile customers secure access to business resources. Additionally, the Ivanti portfolio added the VPN appliance to its lineup in the year 2020, after acquiring Pulse Secure. 

Pulse Secure appliances are as well a distinguished choice for both cyber criminals and state-backed threat actors. Government agencies, in regard to this, have sent out several advisories in order to warn users of the ongoing exploitation of these products’ unpatched vulnerability. 

Censys Study on Pulse Connect Secure

As per the report published by Censys, six vulnerabilities, including a critical-severity file write vulnerability that may be used to execute arbitrary code with root capabilities, are still unpatched in about 3,500 of the affected appliances. 

“In total, Censys has found 30,266 Pulse Connect Secure hosts running on the internet […] One of the easiest ways to find these running using Censys is to search for a specific URI that can be found in the HTTP response body of a Pulse Connect Secure web service,” reads the post published by Censys. 

In addition to this, Censys found that more than 1,800 of the vulnerable hosts are not yet equipped with patches for three severe security flaws that Pulse Secure resolved in May 2021, despite being warned two weeks back of the flaws (CVE-2021-22893, CVSS score of 10) that were being exploited in the attack. 

Censys also discovered hundreds of Pulse Connect Secure appliances that were still affected by other severe vulnerabilities including CVE-2018-5299 (CVSS score of 9.8), CVE-2018-6320 (CVSS score of 9.8), CVE-2019-11510 (CVSS score of 10), and CVE-2019-11540 (CVSS score of 9.8). 

According to the Censys report’s Breakdown by Country (top 20), with 8,575 hosts, the United States has the largest overall number of Pulse Connect installations, however, just 12% of those hosts lack security fixes. While with 3,000 hosts (700 vulnerable), Japan holds the second position, followed by UK and Germany, both with slightly over 1,700 hosts (155 and 134 vulnerable, respectively).