Pierluigi Paganini
August 25, 2019
On August 22, BadPackets experts observed a mass scanning activity targeting Pulse Secure “Pulse Connect Secure” VPN endpoints vulnerable to CVE-2019-11510. Recently another popular
The CVE-2019-11510 flaw in Pulse Connect Secure is a critical arbitrary file read vulnerability.
“Unauthenticated remote attacker with network access via HTTPS can send a specially crafted URI to perform an arbitrary file reading vulnerability.” reads the advisory.
The vulnerability could be easily exploitable by using publicly available proof-of-concept code.
The scanning activity detected by the
⚠️ 𝗪𝗔𝗥𝗡𝗜𝗡𝗚 ⚠️
— Bad Packets by Okta (@bad_packets) August 22, 2019
Mass scanning activity detected from 2.137.127.2 () checking for @pulsesecure Pulse Connect Secure VPN endpoints vulnerable to arbitrary file reading (CVE-2019-11510).#threatintel pic.twitter.com/fiRUMKjwbE
Attackers attempted to download the “etc/passwd” file that contains the
“A successful “HTTP 200/OK” response to this scan indicates the VPN endpoint is vulnerable to further attacks. Given the ongoing scanning activity, it’s likely the attackers have enumerated all publicly accessible hosts vulnerable to CVE-2019-11510.” reads the post published by
Most of the vulnerable hosts were in the U.S.
The researchers also analyzed the distribution of the vulnerable hosts by industry and discovered that the flaw affects hosts in:
BadPackers did not disclose the list of affected organizations to avoid that threat actors will target them.
“Pulse Secure VPN administrators need to immediately ensure they’re not using versions of the “Pulse Connect Secure” server software vulnerable to CVE-2019-11510. Pulse Secure has provided guidance on how to update to fixed versions.” concludes the post.
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – CVE-2019-11510, hacking)
[adrotate banner=”5″]
[adrotate banner=”13″]
