[German]The ncccgroup released a Technical Advisory as of August 5 warning of the RCE vulnerability CVE-2021-22937 in Pulse Connect Secure. The Pulse Connect Secure appliance suffers from an uncontrolled archive extraction vulnerability that allows an attacker to overwrite arbitrary files, resulting in remote code execution as root. This vulnerability is a workaround to patch for CVE-2020-8260.
Advertising
According to information published in the Technical Advisory, successful exploitation of this vulnerability results in remote code execution on the underlying operating system with root privileges. An attacker with such access can bypass any restrictions enforced via the web application and remount the file system, allowing them to create a permanent backdoor, extract and decrypt credentials, compromise VPN clients, or penetrate the internal network.
The manufacturer recommends upgrading to Pulse Connect Secure (PCS) 9.1R12, or higher.
Advertising