On August 22, BadPackets experts observed a mass scanning activity targeting Pulse Secure “Pulse Connect Secure” VPN endpoints vulnerable to CVE-2019-11510. Recently another popular
The CVE-2019-11510 flaw in Pulse Connect Secure is a critical arbitrary file read vulnerability.
“Unauthenticated remote attacker with network access via HTTPS can send a specially crafted URI to perform an arbitrary file reading vulnerability.” reads the advisory.
The vulnerability could be easily exploitable by using publicly available proof-of-concept code.
The scanning activity detected by the
Attackers attempted to download the “etc/passwd” file that contains the
“A successful “HTTP 200/OK” response to this scan indicates the VPN endpoint is vulnerable to further attacks. Given the ongoing scanning activity, it’s likely the attackers have enumerated all publicly accessible hosts vulnerable to CVE-2019-11510.” reads the post published by
Most of the vulnerable hosts were in the U.S.
The researchers also analyzed the distribution of the vulnerable hosts by industry and discovered that the flaw affects hosts in:
BadPackers did not disclose the list of affected organizations to avoid that threat actors will target them.
“Pulse Secure VPN administrators need to immediately ensure they’re not using versions of the “Pulse Connect Secure” server software vulnerable to CVE-2019-11510. Pulse Secure has provided guidance on how to update to fixed versions.” concludes the post.
(SecurityAffairs – CVE-2019-11510, hacking)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.