Published on: 27 August 2020
Pulse Secure released security advisories to address multiple vulnerabilities in the Pulse Connect Secure and Pulse Policy Secure server software. Detailed information about the vulnerabilities can be found at:
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516/
Proof-of-concept and fully workable exploit code for the vulnerability (CVE-2020-8218) is publicly available on the Internet. System administrators are advised to patch their affected systems to mitigate the risk of cyber attacks.
Depending on the vulnerability exploited, a successful attack could lead to arbitrary code execution, information disclosure, elevation of privilege, cross-site scripting or denial of service on an affected system.
Software updates for affected systems are now available. Administrators of affected systems should follow the recommendations provided by the product vendor and take immediate action to mitigate the risk.
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516/
https://www.gosecure.net/blog/2020/08/26/forget-your-perimeter-rce-in-pulse-connect-secure/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19519
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11507
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8204
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8206
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8216 (to CVE-2020-8222)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12880
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15408