At least 4,460 vulnerable Pulse Connect Secure hosts are exposed to the Internet

Censys researchers warn of more than 4,000 vulnerable Pulse Connect Secure hosts exposed to the Internet.

Pulse Connect Secure is a widely-deployed SSL VPN solution for remote and mobile users, for this reason, it is a target of attacks by multiple threat actors.

Over the years, researchers disclosed several severe vulnerabilities in the server software, in April of 2021, CISA published a report warning of the exploitation of Pulse Connect secure flaws.

Now Censys researchers discovered that 4,460 Pulse Connect Secure hosts out of 30,266 installs, which are exposed to the Internet, lack of security patches.

“In total, Censys has found 30,266 Pulse Connect Secure hosts running on the internet.” reads the post published by Censys. “One of the easiest ways to find these running using Censys is to search for a specific URI that can be found in the HTTP response body of a Pulse Connect Secure web service.

services.http.response.body: `/dana-na/`

Of those exposed, 4,460 hosts have been identified as running a software version vulnerable to one or more of the seven security advisories we reviewed.”“

Most of the vulnerable hosts on the Internet, 3,528 hosts, lack patches (SA44858) released in August 2021 by the vendor to resolve the following issues:

CVE-2021-22937	HIGH
CVE-2021-22933	MEDIUM
CVE-2021-22934	HIGH
CVE-2021-22935	HIGH
CVE-2021-22936	MEDIUM
CVE-2021-22938	HIGH

Censys also discovered 1,841 vulnerable hosts that are yet to be patched against four issues (SA44784) addressed by the vendor in April 2021:

CVE-2021-22893	CRITICAL
CVE-2021-22894	CRITICAL
CVE-2021-22899	CRITICAL
CVE-2021-22900	HIGH

Experts also discovered 28 hosts exposed online that have yet to address a critical vulnerability, tracked as CVE-2018-5299, that was disclosed in early 2018 and addressed by the vendor with the release of SA43604.

The report also provides a Breakdown by Country (Top 20), the United States has the most significant total number of Pulse Connect installations with 8,575 hosts, but only 12% are missing security patches.

A worrisome scenario is represented by France, which has only 1,422 Pulse Connect devices on the Internet, but a little over 30% of them are running a vulnerable version.

Let me suggest reading the report which includes a lot of interesting data.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Pulse)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.