430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

At least 4,460 vulnerable Pulse Connect Secure hosts are exposed to the Internet

Censys researchers warn of more than 4,000 vulnerable Pulse Connect Secure hosts exposed to the Internet. Pulse Connect Secure is a widely-deployed SSL VPN solution for remote and mobile users, for this reason, it is a target of attacks by multiple threat actors. Over the years, researchers disclosed several severe vulnerabilities in the server software, in […]

Pulse Connect Secure

Censys researchers warn of more than 4,000 vulnerable Pulse Connect Secure hosts exposed to the Internet.

Pulse Connect Secure is a widely-deployed SSL VPN solution for remote and mobile users, for this reason, it is a target of attacks by multiple threat actors.

Over the years, researchers disclosed several severe vulnerabilities in the server software, in April of 2021, CISA published a report warning of the exploitation of Pulse Connect secure flaws.

Now Censys researchers discovered that 4,460 Pulse Connect Secure hosts out of 30,266 installs, which are exposed to the Internet, lack of security patches.

“In total, Censys has found 30,266 Pulse Connect Secure hosts running on the internet.” reads the post published by Censys. “One of the easiest ways to find these running using Censys is to search for a specific URI that can be found in the HTTP response body of a Pulse Connect Secure web service.

services.http.response.body:  `/dana-na/`

Of those exposed, 4,460 hosts have been identified as running a software version vulnerable to one or more of the seven security advisories we reviewed.”

Most of the vulnerable hosts on the Internet, 3,528 hosts, lack patches (SA44858) released in August 2021 by the vendor to resolve the following issues:

CVE-2021-22937HIGH
CVE-2021-22933MEDIUM
CVE-2021-22934 HIGH
CVE-2021-22935HIGH
CVE-2021-22936MEDIUM
CVE-2021-22938HIGH

Censys also discovered 1,841 vulnerable hosts that are yet to be patched against four issues (SA44784) addressed by the vendor in April 2021:

CVE-2021-22893CRITICAL
CVE-2021-22894CRITICAL
CVE-2021-22899CRITICAL
CVE-2021-22900HIGH

Experts also discovered 28 hosts exposed online that have yet to address a critical vulnerability, tracked as CVE-2018-5299, that was disclosed in early 2018 and addressed by the vendor with the release of SA43604.

The report also provides a Breakdown by Country (Top 20), the United States has the most significant total number of Pulse Connect installations with 8,575 hosts, but only 12% are missing security patches.

A worrisome scenario is represented by France, which has only 1,422 Pulse Connect devices on the Internet, but a little over 30% of them are running a vulnerable version.

Let me suggest reading the report which includes a lot of interesting data.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Pulse)

[adrotate banner=”5″]

[adrotate banner=”13″]