Published on: 21 April 2021
Last update on: 04 May 2021
Pulse Secure has released a security advisory about a zero-day vulnerability in Pulse Connect Secure appliances. The investigation into the vulnerability is continuing. According to the information provided by Pulse Secure, an unauthenticated attacker could perform remote arbitrary file execution on Pulse Connect Secure gateways by exploiting the vulnerability.
On 4 May 2021, further to our Security Alert (A21-04-05), Pulse Secure released an out-of-band security update to address the vulnerability (CVE-2021-22893) that has been exploited in the wild, and three newly disclosed vulnerabilities (CVE-2021-22894, CVE-2021-22899, CVE-2021-22900) in Pulse Connect Secure appliances. A successful attack could lead to remote code execution and data tampering on an affected system. System administrators are advised to take immediate action to patch their affected systems to mitigate the elevated risk of cyber attacks.
For detailed information, please refer to the vendor's advisory at the following URL:
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/
Reports indicate that Pulse Secure products vulnerable to CVE-2019-11510, CVE-2020-8243, CVE-2020-8260 and CVE-2021-22893 are being actively exploited in the wild. While patches are available to address CVE-2019-11510, CVE-2020-8243 and CVE-2020-8260, a patch for CVE-2021-22893 is not yet available, but Pulse Secure has provided a workaround to mitigate the risk.
A successful attack could lead to remote code execution on an affected system.
On 4 May 2021, further to our Security Alert (A21-04-05), Pulse Secure released an out-of-band security update to address the vulnerability (CVE-2021-22893).
A patch for the affected products is not yet available. To secure Pulse Connect Secure appliances, system administrators should implement the following mitigation measures:
System administrators should contact their product support vendors for the workaround and assistance.