Urgent updates issued for Pulse Secure VPNs
Pulse Secure has issued a fix for a flaw in its Connect Secure VPN appliances, addressing the incomplete patch for an actively exploited flaw resolved in October 2020.
Richard Warren of NCC Group stated that the Connect Secure appliance suffers from a vulnerability that lets threat actors overwrite arbitrary files, leading to remote code execution (RCE) as root. He further points out that this flaw is a bypass of the CVE-2020-8260 patch.
Warren added that threat actors with this level of control could create a persistent backdoor, extract and decrypt credentials, compromise VPN clients or gain access to the internal network, as they are able to circumvent any limitations and remount the filesystem.
Ivanti, the company behind Pulse Secure, urges its customers to upgrade to version 9.1R12 of Pulse Connect Secure to protect against exploitation attempts. Exploitation of the vulnerability, tracked as CVE-2021-22937 (CVSS score: 9.1), allows a threat actor to perform a file write through a maliciously crafted archive in the administrative web interface.
Ivanti's Vice President of Security, Daniel Spicer, states that the type and impact of the vulnerability are similar to CVE-2020-8260, but it is not a bypass of that flaw, and so it has been assigned a separate CVE.
The vulnerability stems from a flaw in the way archive files are extracted in the administrative web interface. Although multiple checks had earlier been added to validate the TAR file, an analysis indicated that exploitation was still possible because those checks did not apply to profiler-type archives.
CVE-2020-8260 is a notable flaw that was exploited by attackers in April this year in intrusions targeting some critical entities in the U.S. to breach enterprise networks. Upgrading to Pulse Connect Secure (PCS) version 9.1R12 or later without delay is therefore highly advised.
Spicer also pointed to the company's thorough code review effort, aimed at enhancing its security practices and protecting its customers.
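The gap described above, validation that exists but is skipped for one archive type, is avoided by sending every upload type through a single check before anything is written. The following Python sketch is an added example, not Pulse Secure's code: the function names and the `archive_type` labels are hypothetical, and it assumes the entries to reject are links, device nodes and any member whose path resolves outside the extraction directory, which the article does not spell out.

```python
import io
import os
import tarfile

def build_tar(entries):
    """Constructed sample input: in-memory tar built from {member name: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in entries.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def unsafe_members(archive_bytes, dest):
    """Names of members that are not plain files/dirs or resolve outside dest."""
    root = os.path.realpath(dest)
    bad = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes)) as tar:
        for m in tar.getmembers():
            target = os.path.realpath(os.path.join(root, m.name))
            inside = target == root or target.startswith(root + os.sep)
            if not inside or not (m.isfile() or m.isdir()):
                bad.append(m.name)
    return bad

def extract_validated(archive_bytes, dest, archive_type):
    """Extract any upload type through the same check; returns files written.

    archive_type (hypothetical label such as "config" or "profiler") is only
    used in the error message, never to choose a less strict code path.
    """
    bad = unsafe_members(archive_bytes, dest)
    if bad:
        raise ValueError(f"{archive_type} archive rejected: {bad}")
    root = os.path.realpath(dest)
    written = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes)) as tar:
        for m in tar.getmembers():
            target = os.path.join(root, m.name)
            if m.isdir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with tar.extractfile(m) as src, open(target, "wb") as out:
                out.write(src.read())
            written.append(m.name)
    return written
```

Because the check runs before the first write, a rejected archive leaves the destination untouched regardless of which upload type it arrived as.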