Posted on Leave a comment

Ivanti Fixes Code Execution Vulnerabilities On Pulse Secure VPN.

Good News, Ivanti has released the patch for critical code execution vulnerability which may lead to complete root level privileges on Pulse Connect Secure VPN along with the patches for multiple security vulnerabilities.

Ivanti noted, that the vulnerability which received CVSS 7.2 with CVE-2021-22937 is the bypass of the vulnerability  CVE-2020-8260.

Successful exploitation of this issue results in Remote Code Execution on the underlying Operating System with root privileges. An attacker with such access will be able to circumvent any restrictions enforced via the web application, as well as remount the filesystem, allowing them to create a persistent backdoor, extract and decrypt credentials, compromise VPN clients, or pivot into the internal network.” released in the advisory.

Proof of concept:

Ivanti says that Pulse Connect Secure VPN suffers from “uncontrolled archive extraction vulnerability which allows an attacker to write executable files within the /home/runtime/tmp/tt/ directory, resulting in Remote Code Execution. PCS allows administrative users to import archived configurations.

“These configurations are compressed using GZIP and encrypted using a hardcoded key, allowing the attacker to encrypt and decrypt their own crafted archive files. When these archives are imported via the administrative GUI, extraction takes place in an unsafe manner, leading to arbitrary file (over)write.” mentioned in the advisory.

The vendor has recommended the vpn users to upgrade to  Pulse Connect Secure (PCS) 9.1R12, or later version to remain protected from this vulnerability.

–-For more Cyber security news in crisp content . Please follow our site via twitter handle @cyberworkx1

Leave a Reply