Pulse Connect Secure has been reported to contain a buffer overflow vulnerability in its Samba-related code that may allow a remote authenticated attacker to execute arbitrary code as the root user.

A high-severity vulnerability has been published for Pulse Secure VPN, the Ivanti product commonly used to connect to networks over VPN, which may allow a remote authenticated attacker to execute arbitrary code.

The flaw, tracked as CVE-2021-22908, has been assigned a CVSS score of 8.5 out of 10 and affects Pulse Connect Secure versions 9.0Rx and 9.1Rx.

CERT has published a detailed report, which states: “PCS includes the ability to connect to Windows file shares (SMB). This capability is provided by a number of CGI scripts, which in turn use libraries and helper applications based on Samba 4.5.10. When specifying a long server name for some SMB operations, the smbclt application may crash due to either a stack buffer overflow or a heap buffer overflow, depending on how long of a server name is specified. We have confirmed that PCS 9.1R11.4 systems are vulnerable, targeting a CGI endpoint of: /dana/fb/smb/wnf.cgi.”

“In order to be vulnerable, a PCS server must have a Windows File Access policy that allows \\* or it must have some other policy set that would allow an attacker to connect to an arbitrary server. In the administrative page for the PCS, see Users -> Resource Policies -> Windows File Access Policies to view your current SMB policy. Any PCS device that started as version 9.1R2 or earlier will have a default policy that allows connecting to arbitrary SMB hosts. Starting with 9.1R3, this policy was changed from a default allow to a default deny.”
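One way to triage a fleet against the conditions CERT describes, as an added example that is not part of the original article or of Pulse Secure's tooling. The Appliance record, its field names and the sample inventory are constructed assumptions; only the literal `\\*` allow rule is checked, so other broad policies still need manual review.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Release strings look like "9.1R11.4": major.minor, "R" release, optional patch.
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$")

def parse_version(text):
    """Turn '9.1R11.4' into (9, 1, 11, 4) so releases compare numerically.
    Plain string comparison would sort 9.1R11.4 before 9.1R2."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PCS version: {text!r}")
    return tuple(int(g) if g else 0 for g in m.groups())

@dataclass
class Appliance:                      # hypothetical inventory record
    name: str
    current_version: str
    initial_version: str              # release the device was first deployed with
    smb_policies: Optional[list]      # (resource, action) pairs; None = not yet reviewed

def in_affected_branch(version):
    """The article lists 9.0Rx and 9.1Rx as impacted."""
    return parse_version(version)[:2] in {(9, 0), (9, 1)}

def allows_arbitrary_smb(app):
    """Use the exported policy when available, else infer the shipped default:
    devices that started at 9.1R2 or earlier defaulted to allow."""
    if app.smb_policies is not None:
        return any(res.strip() == r"\\*" and act.lower() == "allow"
                   for res, act in app.smb_policies)
    return parse_version(app.initial_version) <= parse_version("9.1R2")

def triage(app):
    if not in_affected_branch(app.current_version):
        return "out of scope"
    return "exposed" if allows_arbitrary_smb(app) else "smb restricted"

# Constructed sample inventory, not real devices.
FLEET = [
    Appliance("vpn-a", "9.1R11.4", "9.0R3.4", None),   # upgraded, old default kept
    Appliance("vpn-b", "9.1R11.4", "9.1R4", None),     # deployed after default deny
    Appliance("vpn-c", "9.1R8", "9.1R1", [(r"\\fileserver01\*", "allow")]),
    Appliance("vpn-d", "9.1R9", "9.1R5", [(r"\\*", "Allow")]),
]

if __name__ == "__main__":
    for appliance in FLEET:
        print(f"{appliance.name}: {triage(appliance)}")
```

The point to take from vpn-a is that the current release says nothing about the SMB default: an appliance upgraded from 9.1R2 or earlier keeps the allow policy it started with.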

Solution:

At the time of writing, there is no practical solution to this issue. However, Pulse Secure has pointed to a Workaround-2105.xml file that contains a mitigation to protect against this vulnerability. Importing this XML workaround will activate the protections immediately and does not require any downtime for the VPN system.
