Ivanti has released a security patch to remediate a critical security vulnerability that was found being actively exploited in the wild by at least two different threat actors. The flaw concerns “multiple use after free” issues in Pulse Connect Secure that could allow a remote unauthenticated attacker to execute arbitrary code and take control of the affected system. FireEye Mandiant disclosed a series of intrusions targeting defense, government, and financial organizations in the U.S. and elsewhere by leveraging critical vulnerabilities in the remote access solution.
Source: https://thehackernews.com/2021/05/critical-patch-out-for-month-old-pulse.html