Critical Patch Out for Critical Pulse Secure VPN 0-Day Under Attack


Ivanti, the company behind Pulse Secure VPN appliances, has released a security patch to remediate a critical security vulnerability that was found being actively exploited in the wild by at least two different threat actors.

Tracked as CVE-2021-22893 (CVSS score 10), the flaw concerns “multiple use after free” issues in Pulse Connect Secure that could allow a remote unauthenticated attacker to execute arbitrary code and take control of the affected system. All Pulse Connect Secure versions prior to 9.1R11.4 are impacted.

password auditor

The flaw came to light on April 20 after FireEye disclosed a series of intrusions targeting defense, government, and financial organizations in the U.S. and elsewhere by leveraging critical vulnerabilities in the remote access solution to bypass multi-factor authentication protections and breach enterprise networks.

The development promoted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to issue an Emergency Directive urging federal agencies and civilian departments to mitigate any anomalous activity or active exploitation detected on their networks.

Following an investigation conducted in conjunction with FireEye Mandiant, Ivanti said the attacks were observed on a “very limited number” of customer systems. FireEye is tracking the activity under two separate clusters UNC2630 and UNC2717 citing differences in the malicious web shells that were dropped on the compromised devices.

“As sophisticated threat actors continue their attacks on U.S. businesses and government agencies, we will continue to work with our customers, the broader security industry, law enforcement and government agencies to mitigate these threats,” the Utah-based software firm said.

“Companywide we are making significant investments to enhance our overall cybersecurity posture, including a more broad implementation of secure application development standards.”

Pulse Secure customers are advised to move quickly to apply the update to ensure they are protected. The company has also released a Pulse Connect Secure Integrity Tool to check for signs of compromise and identify malicious activity on their systems.





Source link

Mourad ELGORMA

Mourad ELGORMA

Fondateur de summarynetworks, passionné des nouvelles technologies et des métiers de Réseautique , Master en réseaux et système de télécommunications. ,j’ai affaire à Pascal, Delphi, Java, MATLAB, php …Connaissance du protocole TCP / IP, des applications Ethernet, des WLAN …Planification, installation et dépannage de problèmes de réseau informatique……Installez, configurez et dépannez les périphériques Cisco IOS. Surveillez les performances du réseau et isolez les défaillances du réseau. VLANs, protocoles de routage (RIPv2, EIGRP, OSPF.)…..Manipuler des systèmes embarqués (matériel et logiciel ex: Beaglebone Black)…Linux (Ubuntu, kali, serveur Mandriva Fedora, …). Microsoft (Windows, Windows Server 2003). ……Paquet tracer, GNS3, VMware Workstation, Virtual Box, Filezilla (client / serveur), EasyPhp, serveur Wamp,Le système de gestion WORDPRESS………Installation des caméras de surveillance ( technologie hikvision DVR………..). ,

Laisser un commentaire