CVE-2018-13379 is a path traversal vulnerability in the
“A path traversal vulnerability in the
The CVE-2019-11510 flaw in Pulse Connect Secure is a critical arbitrary file read vulnerability.
“Unauthenticated remote attacker with network access via HTTPS can send a specially crafted URI to perform an arbitrary file reading vulnerability,” reads the advisory.
The vulnerabilities were first reported in July by researchers Orange Tsai and Meh Chang from DEVCORE, who found several flaws in Fortinet, Palo Alto Networks and Pulse Secure products. The issues could be exploited by threat actors to access corporate networks and steal sensitive documents.
The security duo shared the results of their analysis at the Black Hat and DEFCON hacking conferences and proof-of-concept (PoC) exploits were publicly disclosed after their talks.
Although the impacted vendors have released security advisories for the vulnerabilities discovered by the experts, attackers are attempting to exploit them in the wild.
Beaumont pointed out that an attacker could exploit the CVE-2018-13379 flaw to obtain administrator credentials in plain text, using the
(SecurityAffairs – Pulse Security Products, hacking)