The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert on a known remote code execution (RCE) vulnerability. The vulnerability is tracked as CVE-2019-11510 and disclosed by Orange Tsai and Meh Chang from the DEVCORE research team, and by Jake Valletta from FireEye in an April 2019 out-of-cycle advisory. On unpatched systems, the flaw “allows people without valid usernames and passwords to remotely connect to the corporate network the device is supposed to protect”””
Source: https://www.bleepingcomputer.com/news/security/us-govt-warns-of-attacks-on-unpatched-pulse-vpn-servers/

