In normal circumstances, IT team will be avoid people scanning their site. Perhaps sometimes this check will be avoided of the careless mistake. 4th May 2021

Preface: US Homeland security urge their local country computer users should stay alert of multiple vulnerabilities matter on Pulse Secure product. Perhaps all the world should be aware of it.

Synopsis: As times goes by, Pulse secure acquired juniper SSL VPN product for few years. Perhaps we can remember that Juniper is the active player on telecommunication services provider. Around the world including enterprise firm, they are satisfy with Juniper SSL VPN services.

Security focus: Product Affected by vulnerabilities (PCS: 9.1Rx and 9.0Rx)
CVE-2021-22894 – Buffer overflow in Pulse Connect Secure Collaboration Suite before 9.1R11.4 allows a remote authenticated users to execute arbitrary code as the root user via maliciously crafted meeting room.
CVE-2021-22899 – allows a remote authenticated users to perform remote code execution via Windows File Resource Profiles.
CVE-2021-22900 – allow an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.

Details please refer to linkhttps://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.