Pulse Secure VPN Vulnerability (CVSS score 10.0)
by sandrasong - April 27, 2021 at 01:56 AM
#1
Newly discovered critical zero-day authentication bypass vulnerability(CVE-2021-22893) of Pulse Secure VPN is currently being exploited in the wild and for which there is no patch available yet.

https://www.fireeye.com/blog/threat-rese...o-day.html


Vulnerability was discovered under Pulse Connect Secure (PCS). This includes an authentication by-pass vulnerability that can allow an unauthenticated user to perform remote arbitrary file execution on the Pulse Connect Secure gateway.


Its CVSS score is maximum of 10.0 and no poc is published yet.
Reply
#2
The only time I've tried using it is on a Mac, and it was a complete failure. Couldn't even get it set up properly with the configuration file we needed to use. Happy to be with PureVPN for Mac.

it seems to reconnect fairly well--I've used it on iffy networks and it's dropped and reconnected without issue once it was restored (a few minutes of no connection).
Reply

Possibly Related Threads…
Thread Author Replies Views Last Post
DarkMatter Group launches the world’s first ultra secure smartphone for extreme field shark420 0 260 April 10, 2021 at 01:41 AM
Last Post: shark420
Unrestricted File Upload Vulnerability found in Contact Form 7 WP plugin umerkhan 6 530 January 28, 2021 at 09:18 AM
Last Post: asdfg1234qwerty
Unauthenticated stored XSS vulnerability in WordPress OneTone theme (unpatched) umerkhan 2 354 April 29, 2020 at 03:27 PM
Last Post: geshem

 Users browsing this thread: 1 Guest(s)