![pulse secure update pulse secure update](https://devco.re/assets/img/blog/20190902/1.png)
Some have speculated the lag time in patching these VPNs led to the eventual massive ransomware attack against Travelex.
Pulse secure update Patch#
One such vulnerable organization was Travelex, which took several months to patch critical vulnerabilities in its seven Pulse Secure VPN servers, according to Bad Packets. 3, 2020, Mursch said 3,825 endpoints remain vulnerable. During that time, Troy Mursch with Bad Packets identified over 14,500 Pulse Secure VPN endpoints that were vulnerable to this flaw. In a more recent scan, on Jan. Attackers can exploit the flaw to get initial access on the VPN server, where they’re able to access credentials. A proof of concept (PoC) was made public in August 2019. The flaw exists in Pulse Connect Secure, Pulse Secure’s SSL VPN (virtual private network) platform used by various enterprises and organizations. Exploitation of the vulnerability is simple, which is why it received a 10 out of 10 CVSS ranking. “If-after applying the detection measures in this alert-organizations detect evidence of CVE-2019-11510 exploitation, CISA recommends changing passwords for all Active Directory accounts, including administrators and services accounts.”
Pulse secure update upgrade#
“CISA strongly urges organizations that have not yet done so to upgrade their Pulse Secure VPN to the corresponding patches for CVE-2019-11510,” according to CISA’s alert. Attackers have already exploited the flaw to snatch up victims’ credentials – and now are using those credentials to move laterally through organizations, DHS’ Cybersecurity and Infrastructure Security Agency (CISA) warned in the Thursday alert. Tracked as CVE-2019-11510, the bug was patched by Pulse Secure in April 2019, and many companies impacted by the flaw issued the fix to address the vulnerability since then.īut in many cases the damage is already done. So even those who have patched for the bug could still be compromised and are vulnerable to attack.Īt the heart of the advisory is a known, critical Pulse Secure arbitrary file reading flaw that opens systems to exploitation from remote, unauthenticated attackers to gain access to a victim’s networks. Government officials say before the patches were deployed, bad actors were able to compromise Active Directory accounts.
![pulse secure update pulse secure update](https://docs.pulsesecure.net/WebHelp/PDC/9.1R4/assets/inset_400052.png)
The Department of Homeland Security (DHS) is urging companies that use Pulse Secure VPNs to change their passwords for Active Directory accounts, after several cyberattacks targeted companies who had previously patched a related flaw in the VPN.ĭHS warns that the Pulse Secure VPN patches may have come too late.