Blog | G5 Cyber Security

CISA Warns Patched Pulse Secure VPNs Could Still Expose Organizations to Hackers

U.S. Cybersecurity and Infrastructure Security Agency issues fresh advisory on Pulse Secure VPN vulnerability. Known as CVE-2019-11510, the pre-authentication arbitrary file read vulnerability could allow remote unauthenticated attackers to compromise vulnerable VPN servers and gain access to all active users and their plain-text credentials, and execute arbitrary commands. The flaw stems from the fact that directory traversal is hard-coded to be allowed if a path contains “dana/html5/acc,” thus allowing an attacker to send specially crafted URLs to read sensitive files.

Source: https://thehackernews.com/2020/04/pulse-secure-vpn-vulnerability.html

Exit mobile version