Pulse Secure has issued a workaround for a critical remote-code execution vulnerability in its Pulse Connect Secure (PCS) VPNs that may allow an unauthenticated, remote attacker to execute code as a user with root privileges. One of the workaround XML files automatically deactivates protection from an earlier workaround: a potential path to older vulnerabilities being opened again. CERT Coordination Center issued a report about the vulnerability, explaining that the problem stems from a buffer overflow vulnerability in the PCS gateway. There’s currently no practical solution to this problem, at least not that CERT/CC is aware of.
Source: https://threatpost.com/pulse-secure-vpns-critical-rce/166437/