CISA Alert: Continued Exploitation of Pulse Secure Vulnerability

The U.S. Department of Homeland Security’s (DHS’s) Cybersecurity and Infrastructure Security Agency (CISA) has released an alert emphasizing that unpatched Pulse Secure VPN servers continue to be an attractive target for malicious actors. Pulse Secure disclosed the vulnerability and provided software patches in April 2019, but CISA continues to observe wide exploitation of the vulnerabilities. A remote, unauthenticated attacker can exploit this vulnerability to compromise a VPN server. The attacker may be able to gain access to all active users and their plain-text credentials. It may also be possible for the attacker to execute arbitrary commands on each VPN client as it successfully connects to the VPN server. CISA strongly urges users and administrators to upgrade to the corresponding fixes. Read the alert at CISA.