
DETECTION OVERVIEW

Pulse Connect Secure Exploit Attempt - CVE-2021-22893

Risk Factors

Pulse Connect Secure (PCS) VPN gateways are commonly deployed in enterprise environments to manage SSL/TLS VPN connections that originate from the internet. This vulnerability enables attackers to steal sensitive data or install malware to facilitate additional attacks on the network.

Kill Chain

Exploitation

Risk Score

92


Attack Background

A PCS is a VPN gateway application that authorizes external access to internal network resources. An attacker can bypass authentication by submitting HTTP requests to vulnerable endpoints within the Windows File Share Browser and Pulse Secure Collaboration features. This vulnerability enables an attacker to access internal files and perform many actions on network devices, such as installing webshells and running malicious commands.

Mitigation Options

Upgrade PCS to 9.1R.11.4

If unable to upgrade, import an XML file from Pulse Secure that disables the vulnerable features (see the Pulse Secure link in the Reference section)

MITRE ATT&CK ID
