At least 4,460 vulnerable Pulse Connect Secure hosts are exposed to the Internet

Censys researchers warn of more than 4,000 vulnerable Pulse Connect Secure hosts exposed to the Internet.

Pulse Connect Secure is a widely-deployed SSL VPN solution for remote and mobile users, for this reason, it is a target of attacks by multiple threat actors.

Over the years, researchers disclosed several severe vulnerabilities in the server software, in April of 2021, CISA published a report warning of the exploitation of Pulse Connect secure flaws.

Now Censys researchers discovered that 4,460 Pulse Connect Secure hosts out of 30,266 installs, which are exposed to the Internet, lack of security patches.

“In total, Censys has found 30,266 Pulse Connect Secure hosts running on the internet.” reads the post published by Censys. “One of the easiest ways to find these running using Censys is to search for a specific URI that can be found in the HTTP response body of a Pulse Connect Secure web service.

services.http.response.body:  `/dana-na/`

Of those exposed, 4,460 hosts have been identified as running a software version vulnerable to one or more of the seven security advisories we reviewed.”“

Most of the vulnerable hosts on the Internet, 3,528 hosts, lack patches (SA44858) released in August 2021 by the vendor to resolve the following issues:

CVE-2021-22937	HIGH
CVE-2021-22933	MEDIUM
CVE-2021-22934	HIGH
CVE-2021-22935	HIGH
CVE-2021-22936	MEDIUM
CVE-2021-22938	HIGH

Censys also discovered 1,841 vulnerable hosts that are yet to be patched against four issues (SA44784) addressed by the vendor in April 2021:

CVE-2021-22893	CRITICAL
CVE-2021-22894	CRITICAL
CVE-2021-22899	CRITICAL
CVE-2021-22900	HIGH

Experts also discovered 28 hosts exposed online that have yet to address a critical vulnerability, tracked as CVE-2018-5299, that was disclosed in early 2018 and addressed by the vendor with the release of SA43604.

The report also provides a Breakdown by Country (Top 20), the United States has the most significant total number of Pulse Connect installations with 8,575 hosts, but only 12% are missing security patches.

A worrisome scenario is represented by France, which has only 1,422 Pulse Connect devices on the Internet, but a little over 30% of them are running a vulnerable version.

Let me suggest reading the report which includes a lot of interesting data.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Pulse)

[adrotate banner=”5″]

[adrotate banner=”13″]