DESCRIPTION:
BadPackets researchers observed a mass scanning activity by attackers targeting Pulse Secure “Pulse Connect Secure” VPN server endpoints vulnerable to CVE-2019-11510 and CVE-2019-11539. These vulnerabilities could allow unauthenticated attackers to access sensitive information such as private keys or user passwords and execute remote command injection. Further exploitation using the leaked credentials could allow attackers to gain access inside private VPN networks.
AFFECTED RELEASES:
Pulse Connect Secure 9.0R1 - 9.0R3.3
Pulse Connect Secure 8.3R1 - 8.3R7
Pulse Connect Secure 8.2R1 - 8.2R12
Pulse Connect Secure 8.1R1 - 8.1R15
Pulse Policy Secure 9.0R1 - 9.0R3.3
Pulse Policy Secure 5.4R1 - 5.4R7
Pulse Policy Secure 5.3R1 - 5.3R12
Pulse Policy Secure 5.2R1 - 5.2R12
Pulse Policy Secure 5.1R1 - 5.1R15
SOLUTION:
The affected users are recommended to install the patches provided by Pulse Secure.
1. https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101
2. https://kb.pulsesecure.net/articles/Pulse_Technical_Bulletin/TSB44239
REFERENCE:
1. https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510/
2. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510
3. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11539