perm_phone_msgUNDER ATTACK? S.O.S. LINE 0114 354 0054

Top Categories

Spotlight

today03/12/2021

Cyber security TechRepublic

How well do you know your APIs? Not well enough, says Cisco

Many APIs are openly accessible online, and that means big chunks of your apps are, too. Cisco’s Vijoy Pandey has tools and tips to help businesses get visibility into their APIs. Image: Shutterstock/Den Rise There’s a slight problem in the world of app development, and it’s one that’s pretty fundamental [...]

Top Voted
Sorry, there is nothing for the moment.

Before you head off for the weekend, you have patched your Pulse Secure VPNs, right? Wouldn’t want you to be pwned via a phishing link

Cyber security The Register today29/08/2020 3

Background
share close

Stop us if you’ve heard this one before: a remote-code execution vulnerability needs patching in Pulse Secure VPNs.

Professional code-probers at GoSecure uncovered a host of security flaws, including CVE-2020-8218, which it publicly disclosed this week after a patch was issued. The other holes are yet to be addressed, and so details on those remain under wraps for now.

What we do know is that CVE-2020-8218 can be exploited to execute code on the VPN system by tricking an administrator into, say, opening a URL.

An arm reaching through a screen

That Pulse Secure VPN you’re using to protect your data? Better get it patched – or it’s going to be ransomware time

READ MORE

“Many vulnerabilities had been found in previous versions of the VPN, so we were eager to see if we could find shortcomings of our own in the latest one,” GoSecure’s Jean-Frédéric Gauron explained. “After some time, we did manage to find several new vulnerabilities that allow, among other things, an unauthenticated user to run arbitrary code remotely (RCE). The RCE itself (CVE-2020-8218) requires to be authenticated with admin privileges but can also be triggered by an unsuspecting admin simply clicking on a malicious link.”

Essentially, the Perl code powering the VPN’s admin panel can be fooled into writing a user-controlled URL parameter to a cache file, and then passing that parameter from the cache file directly to the underlying operating system’s command interpreter. Thus a malicious command to download and run malware can be executed on the box by opening a bad link.

Given the above advisory has all the information someone needs to build a working exploit, you should probably patch the bug. “While it does require to be authenticated, the fact that it can be triggered by a simple phishing attack on the right victim should be evidence enough that this vulnerability is not to be ignored,” Gauron noted.

Updating to Pulse Connect Secure (PCS) 9.1R8 or Pulse Policy Secure (PPS) 9.1R8 fixes CVE-2020-8218 as well as vulnerabilities found by others, including CVE-2020-8206 (“Attacker can bypass the Google TOTP, if the primary credentials are exposed to attacker”) and CVE-2020-8221 (“Authenticated attacker via the administrator web interface can read arbitrary files”).

Researchers Maxime Nadeau, Romain Carnus, Simon Nolet, Jean-Frédéric Gauron, Temuujin Darkhantsetseg, and Julien Pineault were credited for finding CVE-2020-8218. ®

See the original article here: The Register

Written by: The Register

Rate it
Previous post

Designed by Cloud Boffins