Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.
Published: 2021-04-20
Threat actors are leveraging a zero-day vulnerability in Pulse Connect Secure, for which there is no immediate patch scheduled for release. Update May 3, 2021: The Analysis and Solution sections have been updated to reflect the availability of a patch to address CVE-2021-22893 as well as three other vulnerabilities addressed as part of the same patch.
https://www.tenable.com/cyber-exposure/a-look-inside-the-ransomware-ecosystem
https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-117a
https://www.tenable.com/cyber-exposure/2021-threat-landscape-retrospective
https://www.tenable.com/blog/hold-the-door-why-organizations-need-to-prioritize-patching-ssl-vpns
https://www.kb.cert.org/vuls/id/213092
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/
https://kb.cert.org/vuls/id/213092
https://blog.pulsesecure.net/pulse-connect-secure-security-update/