Pulse.Secure.SSL.VPN.Authenticated.Command.Injection
Description
This indicates an attack attempt to exploit a Command Injection vulnerability in Pulse Connect Secure.
The vulnerability is due to insufficient sanitizing of user supplied inputs. An authenticated remote attacker may be able to exploit this to execute arbitrary commands within the context of the application, via a crafted HTTP request.
Affected Products
Pulse Connect Secure 9.0RX before 9.0R3.4
Pulse Connect Secure 8.3RX before 8.3R7.1
Pulse Connect Secure 8.2RX before 8.2R12.1
Pulse Connect Secure 8.1RX before 8.1R15.1
Pulse Policy Secure 9.0RX before 9.0R3.2
Pulse Policy Secure 5.4RX before 5.4R7.1
Pulse Policy Secure 5.3RX before 5.3R12.1
Pulse Policy Secure 5.2RX before 5.2R12.1
Pulse Policy Secure 5.1RX before 5.1R15.1
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Refer to the vendor's advisory for updates:
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2021-11-24 | 18.202 | Sig Added |
2019-09-25 | 14.694 | Default_action:pass:drop |
2019-09-11 | 14.685 |