Pierluigi Paganini
January 11, 2020
The U.S. Department of Homeland Security’s
The CVE-2019-11510 flaw in Pulse Connect Secure is a critical arbitrary file read vulnerability.
“Unauthenticated remote attacker with network access via HTTPS can send a specially crafted URI to perform an arbitrary file reading vulnerability.” reads the advisory.
The vulnerability could be easily exploitable by using publicly available proof-of-concept code. The flaw can be used in combination with the CVE-2019-11539 remote command injection issue gain access to private VPN networks.
Recently the popular
Beaumont revealed that he had become aware of two notable incidents where attackers exploited the Pulse Secure flaws
“In both cases the
In October, the UK’s National Cyber Security Centre (NCSC) reported that advanced persistent threat (APT) groups have been exploiting recently disclosed VPN vulnerabilities in enterprise VPN products in attacks in the wild. Threat actors leverage VPN vulnerabilities in Fortinet, Palo Alto Networks and Pulse Secure, to breach into the target networks.
The UK agency reported that APT groups target several vulnerabilities, including CVE-2019-11510 and CVE-2019-11539 in Pulse Secure VPN solutions, and CVE-2018-13379.
NSA also warned of multiple
Despite
In January 2020, Bad Packets reported that there were still 3,623 vulnerable Pulse Secure VPN servers, 1,233 of which were in the United States.
Now CISA agency confirmed that threat actors continue to exploit the CVE-2019-11510 flaw.
“Although Pulse Secure disclosed the vulnerability and provided software patches for the various affected products in April 2019, the Cybersecurity and Infrastructure Security Agency (CISA) continues to observe wide exploitation of CVE-2019-11510,” reads the alert published by CISA.
“CISA expects to see continued attacks exploiting
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(
[adrotate banner=”5″]
[adrotate banner=”13″]
