Continued Exploitation of Pulse Secure VPN Vulnerability
Unpatched Pulse Secure VPN servers are persistently targeted by malicious actors due to a known vulnerability. This vulnerability, identified as CVE-2019-11510, allows for arbitrary file reading. The vulnerability was disclosed and patched by Pulse Secure in April 2019. Despite the patch availability, exploitation of the vulnerability continues to be widely observed. CISA warns of ongoing attacks exploiting unpatched environments. The attacks can lead to complete server compromise and access to user credentials. An attacker can potentially execute arbitrary commands on connecting VPN clients. Affected versions of Pulse Connect Secure and Pulse Policy Secure are specified. The only effective mitigation is to apply the vendor-provided patches and perform system updates. Organizations are strongly advised by CISA to upgrade to the necessary fixes immediately. Numerous reports, advisories, and demonstrations have highlighted and detailed the severity of this issue.