Zero-Day Vulnerability In Pulse Secure VPN Went Under Attack

A serious security flaw existed in the Pulse Connect Secure SSL VPN appliance. The flaw, a zero-day vulnerability, was found to be under attack before Pulse Secure could deploy a fix for the VPN appliance.

Pulse Secure VPN Zero-Day Vulnerability

In a recent post, Pulse Secure has disclosed details about a zero-day vulnerability in the PSC VPN appliance.

As revealed, they spotted active exploitation of a new vulnerability in the Pulse Connect Secure (PCS) appliances against some customers.

This vulnerability, CVE-2021-22893, had received a critical severity rating with a CVSS score of 10.0. As elaborated in an advisory, a multiple use after free flaw could allow an attacker for remote code execution attacks.

Multiple use after free in Pulse Connect Secure before 9.1R11.4 allows a remote unauthenticated attacker to execute arbitrary code via license server web services.

This bug affected “PCS 9.0R3/9.1R1 and Higher” as the advisory confirms.

Researchers from FireEye have also elaborated on this zero-day in their report.

Together with this zero-day, Pulse Secure also confirmed the existence of three more vulnerabilities. These include two critical severity flaws leading to remote code execution by an authenticated attacker. These include CVE-2021-22894 – a buffer overflow exploitable via malicious meeting room, and CVE-2021-22899 – a command injection flaw exploitable via Windows File Resource Profiles. Both the bugs have received a CVSS score of 9.9.

Besides, they have also disclosed a high-severity vulnerability CVE-2021-22900 that received a CVSS of 7.2. This file write flaw also allowed an authenticated attacker to upload malicious archives in the admin web interface.

Patches Deployed – Update Now

Pulse Secure has fixed all four of these vulnerabilities with the release of Pulse Connect Secure 9.1R11.4.

Given the active exploitation of the flaw, the vendors and the researchers urge everyone to update the systems immediately.

Also, the US CISA has issued an emergency alert about this vulnerability.

Let us know your thoughts in the comments.

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil