Pulse Connect Secure security update-CVE-2021-22893
NAME
Pulse Secure – Pulse Connect Secure
- Platforms Affected:
Pulse Connect Secure - Risk Level:
high - CVE Type:
Authentication bypass
DESCRIPTION
CVE-2021-22893 is an authentication bypass vulnerability impacting multiple versions of Pulse Connect Secure. A proof of concept (PoC) was not observed publicly or in the underground. The Pulse Secure team claimed to be aware of the vulnerability being used in targeted attacks. Additionally, the vendor has released the Pulse Connect Secure Integrity Tool for their customers to determine if their systems are impacted.
CVSS Information:
- CVSS 2.0 SCORE:
- CVSS 3.0 SCORE: 10
- Exploit Disclosed in the Public:
true - Exploit Weaponised:
true - PoC Link:
hXXps://blog[.]pulsesecure[.]net/pulse-connect-secure-security-update/
MITIGATION
Pulse Secure addressed the vulnerability in a security advisory with an updated version. Additionally, the vendor also recommended a workaround that can be implemented to mitigate the possibility of exploitation.
- Reference Link:
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/ - Patch Available:
available
If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.
