A remote code execution vulnerability found in Pulse Secure VPN appliances has been exploited in attacks impacting government, defense and financial organizations.
- Arielle Waldman, News Writer
A zero-day vulnerability in Pulse Secure VPN appliances is being exploited by threat actors in several attacks on government targets as well as financial organizations and defense contractors.
In an out-of-band advisory Tuesday, Pulse Secure disclosed a vulnerability was discovered in its Pulse Connect Secure (PCS) series that allows a remote unauthenticated attacker to bypass authentication and execute arbitrary code. The critical vulnerability dubbed -- CVE-2021-22899 -- received a CVSS maximum score of 10 and affects PCS 9.0R3 and higher. Pulse Secure said the vulnerability poses a significant risk to customer deployment, but also that the issue impacted a very limited number of customers.
The risk was significant enough that on Tuesday, the Cybersecurity and Infrastructure Security Agency (CISA ...
Copyright of this story solely belongs to searchsecurity.techtarget.com . To see the full text click HERE