![]() Reboot is required after the application of the workaround. ![]() But there is a workaround XML file to disable the vulnerable features such as “Windows File Share Browser” and “Pulse Secure Collaboration”. The new updated software is not published yet. The vendor states on their website The solution for these vulnerabilities (CVE-2021-22893) is to upgrade the Pulse Connect Secure server software version to the 9.1R.11.4 We will update the advisory once the timelines are available. Vulnerability in Pulse Connect Secure allows a remote unauthenticated attacker to execute arbitrary code via unspecified vectors. new (and unpublished) CVE-2021-22893 - SA44784 - 2021-04: Out-of-Cycle Advisory: Pulse Connect Secure RCE Vulnerability.CVE-2020-8243 - A vulnerability in the Pulse Connect Secure CVE-2020-8260 - A vulnerability in the Pulse Connect Secure CVE-2019-11510 - In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability.Used different old and new vulnerabilities to gain access to publicly facing Pulse Connect Secure devices. Multiple organisations in various countries were compromised using Ivanti Pulse Connect Secure products.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |