Over 14,500 Pulse Secure VPN endpoints vulnerable to CVE-2019-11510
On Thursday, August 22, 2019, our honeypots detected opportunistic mass scanning activity from a host in Spain targeting Pulse Secure “Pulse Connect Secure” VPN server endpoints vulnerable to CVE-2019-11510. This arbitrary file reading vulnerability allows sensitive information disclosure enabling unauthenticated attackers to access private keys and user passwords. Further exploitation using the leaked credentials can lead to remote command injection (CVE-2019-11539) and allow attackers to gain access inside private VPN networks. ⚠️ 𝗪𝗔𝗥𝗡𝗜𝗡𝗚 ⚠️Mass scanning activity detected from 2.137.127.2 (🇪🇸) checking for @pulsesecure Pulse Connect Secure VPN endpoints vulnerable to arbitrary file reading (CVE-2019-11510).#threatintel pic.twitter.com/fiRUMKjwbE — Bad Packets Report (@bad_packets) …
Read MoreOver 14,500 Pulse Secure VPN endpoints vulnerable to CVE-2019-11510