In April 2021, Pulse Secure released a security advisory about a critical vulnerability in their VPN solution, Pulse Connect Secure (PCS). The vulnerability, tracked as CVE-2021-22893, could allow an attacker to remotely execute code on a vulnerable system, bypass authentication, and access sensitive information. In this post, we’ll discuss the details of the vulnerability, steps to test for it, and how to mitigate it.
Background on Pulse Connect Secure
Pulse Connect Secure is a widely used SSL VPN solution that allows remote workers to securely access their organization’s resources. The software is used by many Fortune 500 companies and government agencies.
Details of CVE-2021-22893
CVE-2021-22893 is a critical vulnerability in Pulse Connect Secure that affects versions 9.0R3 and higher. The vulnerability allows an attacker to remotely execute code on a vulnerable system, bypass authentication, and access sensitive information.
The vulnerability is caused by a flaw in the Pulse Connect Secure admin web interface. An attacker can exploit this flaw by sending a specially crafted HTTP request to the interface. Successful exploitation of the vulnerability could allow an attacker to gain full access to a targeted system, including stealing sensitive data and executing commands on the system.
Steps to Test for CVE-2021-22893
To test if your system is vulnerable to CVE-2021-22893, you can use the following steps:
- Download and install the Pulse Secure Desktop Client from the Pulse Secure website.
- Connect to your organization’s VPN using the client.
- Open a web browser and navigate to the following URL:
https://[PCS_IP_ADDRESS]/dana/html5acc/guacamole.jsp?c=ls&h=../
- If the Pulse Connect Secure system is vulnerable, you will see a directory listing of the server’s filesystem.
If you are unable to perform this test, you can also use the Pulse Secure Integrity Checker tool, which is available on the Pulse Secure website. This tool can check if your system is vulnerable to CVE-2021-22893 and other known vulnerabilities.
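Existing web access logs can also be searched for the request shown in the test steps above. The following is an added example, not code from Pulse Secure or from the original post: it scans log lines for requests to the path in the test URL and flags `../` sequences in any query parameter, including percent-encoded and double-encoded forms. The combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

PROBE_PATH = "/dana/html5acc/guacamole.jsp"  # path from the test URL in this post

# Assumption: logs are in Apache/nginx combined format; adjust for your source.
REQUEST_RE = re.compile(
    r'^(?P<src>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Apr/2021:10:01:02 +0000] "GET /dana/html5acc/guacamole.jsp?c=ls&h=../ HTTP/1.1" 200 512',
    '203.0.113.7 - - [20/Apr/2021:10:01:05 +0000] "GET /dana/html5acc/guacamole.jsp?c=ls&h=%2e%2e%2f HTTP/1.1" 404 0',
    '198.51.100.23 - - [20/Apr/2021:11:30:00 +0000] "GET /dana/html5acc/guacamole.jsp?c=ls&h=%252e%252e%252f HTTP/1.1" 403 0',
    '198.51.100.40 - - [20/Apr/2021:12:00:00 +0000] "GET /dana/html5acc/guacamole.jsp?c=ls&h=files HTTP/1.1" 200 90',
    '198.51.100.40 - - [20/Apr/2021:12:00:09 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if any path segment of the decoded value is '..' (either slash style)."""
    return ".." in fully_decode(value).replace("\\", "/").split("/")

def find_probes(lines):
    """Return one record per request to PROBE_PATH, noting traversal attempts."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        url = urlsplit(m["target"])
        if fully_decode(url.path).lower() != PROBE_PATH:
            continue
        values = [v for vs in parse_qs(url.query, keep_blank_values=True).values() for v in vs]
        hits.append({"src": m["src"], "status": int(m["status"]),
                     "traversal": any(is_traversal(v) for v in values)})
    return hits

if __name__ == "__main__":
    for hit in find_probes(SAMPLE_LOG):
        print(hit)
```

A hit with `traversal` set and a 200 status deserves the closest look, since the steps above describe a directory listing as the sign of a vulnerable system.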
Mitigation for CVE-2021-22893
Pulse Secure has released several patches to address CVE-2021-22893, and they recommend that all customers upgrade to the latest version of the software as soon as possible. The following versions of the software contain patches for the vulnerability:
- Pulse Connect Secure 9.1R.11
- Pulse Connect Secure 9.0R5, 9.0R6, and 9.0R7.2
- Pulse Policy Secure 9.1R.11
- Pulse Policy Secure 9.0R5, 9.0R6, and 9.0R7.2
In addition to upgrading the software, Pulse Secure also recommends disabling unused features and implementing multi-factor authentication for remote access.
Conclusion
CVE-2021-22893 is a critical vulnerability in Pulse Connect Secure that could allow an attacker to remotely execute code on a vulnerable system, bypass authentication, and access sensitive information. To protect against this vulnerability, it’s important to upgrade to the latest version of the software and follow the recommended mitigation steps. By taking these steps, you can help protect your organization from this and other similar vulnerabilities.