Visit Security Advisory SA44784 (CVE-2021-22893) for more information.Customers are also encouraged to apply and leverage the efficient and easy-to-use Pulse Secure Integrity Checker Tool to identify any unusual activity on their system. PCS will issue a software update in early May.
The team worked quickly to provide mitigations directly to the limited number of impacted customers that remediates the risk to their system. The new issue, discovered this month, impacted a very limited number of customers. Customers are strongly recommended to review the advisories and follow the guidance, including changing all passwords in the environment if impacted. The investigation shows ongoing attempts to exploit four issues: The substantial bulk of these issues involve three vulnerabilities that were patched in 20: Security Advisory SA44101 (CVE-2019-11510), Security Advisory SA44588 (CVE- 2020- 8243) and Security Advisory SA44601 (CVE- 2020- 8260). The PCS team has provided remediation guidance to these customers directly. The Pulse Connect Secure (PCS) team is in contact with a limited number of customers who have experienced evidence of exploit behavior on their PCS appliances. Security updates to solve this issue will be released in early May. Pulse Secure also released the Pulse Connect Secure Integrity Tool to help customers determine if their systems are impacted.
To mitigate the vulnerability tracked as CVE-2021-22893 (with a maximum 10/10 severity score), Pulse Secure advises customers with gateways running PCS 9.0R3 and higher to upgrade the server software to the 9.1R.11.4 release.Īs a workaround, the vulnerability can be mitigated on some gateways by disabling Windows File Share Browser and Pulse Secure Collaboration features using instructions available in the security advisory published earlier today. Pulse Secure has shared mitigation measures for a zero-day authentication bypass vulnerability in the Pulse Connect Secure (PCS) SSL VPN appliance actively exploited in attacks against worldwide organizations and focused on US Defense Industrial base (DIB) networks.
0 kommentar(er)
