High Threat Security Alert (A21-04-05): Vulnerability in Pulse Secure Products
21 April 2021
Last update on: 04 May 2021
Pulse Secure has released a security advisory about a zero-day vulnerability in Pulse Connect Secure appliances. The investigation into the vulnerability is continuing. According to the information provided by Pulse Secure, an unauthenticated attacker could perform remote arbitrary file execution on Pulse Connect Secure gateways by exploiting the vulnerability.
Further to our Security Alert (A21-04-05), on 4 May 2021 Pulse Secure released an out-of-band security update to address the vulnerability (CVE-2021-22893) that has been exploited in the wild, and three newly disclosed vulnerabilities (CVE-2021-22894, CVE-2021-22899, CVE-2021-22900) in Pulse Connect Secure appliances. A successful attack could lead to remote code execution and data tampering on an affected system. System administrators are advised to take immediate action to patch affected systems to mitigate the elevated risk of cyber attacks.
For detailed information, please refer to the vendor's advisory at the following URL: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/
Reports indicate that Pulse Secure products vulnerable to CVE-2019-11510, CVE-2020-8243, CVE-2020-8260 and CVE-2021-22893 are being actively exploited in the wild. While patches are available to address CVE-2019-11510, CVE-2020-8243 and CVE-2020-8260, a patch for CVE-2021-22893 is not yet available, but Pulse Secure has provided a workaround to mitigate the risk.
Pulse Connect Secure version 9.0R3 or higher
A successful attack could lead to remote code execution on an affected system.
Further to our Security Alert (A21-04-05), on 4 May 2021 Pulse Secure released an out-of-band security update to address the vulnerability (CVE-2021-22893).
A patch for the affected products is not yet available. To secure Pulse Connect Secure appliances, system administrators should implement the following mitigation measures:
Check the integrity of Pulse Connect Secure appliances: Pulse Secure has provided the Pulse Connect Secure Integrity Tool to find any additional or modified files. System administrators are advised to run the Integrity Tool to detect any potential compromise. Details of the Integrity Tool can be found at the following URL: https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44755
Apply the workaround provided by Pulse Secure: Pulse Secure has provided a workaround to mitigate the risk of exploitation. Details of the workaround can be found at the following URL: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784
System administrators should contact their product support vendors for the workaround and assistance.