7,712 Pulse Secure VPN servers vulnerable to CVE-2019-11510 worldwide
This arbitrary file reading vulnerability allows sensitive information disclosure enabling unauthenticated attackers to access private keys and user passwords. Further exploitation using the leaked credentials can lead to remote command injection (CVE-2019-11539) and allow attackers to gain access inside the private VPN network (CRITICAL RISK). Our disclosure is available here: https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510/
In the last week, a new proof-of-concept post was published demonstrating client RCE and how to obtain root SSH access to the Pulse Secure VPN server. This illustrates how CVE-2019-11510 can be exploited further to spread malware and gain a persistent backdoor into sensitive networks. Link: https://medium.com/bugbountywriteup/pulse-secure-ssl-vpn-post-auth-rce-to-ssh-shell-2b497d35c35b
Opportunistic mass scanning and exploit activity continues as well. We’ve detected additional hosts attempting to download "etc/passwd" and "etc/hosts" files from vulnerable Pulse Secure VPN servers. We've also identified compromised Pulse Secure VPN servers in the wild, so it's imperative to patch your affected servers.
Results are freely available for authorized CERT, CSIRT, and ISAC teams. Submit request via https://badpackets.net/contact/.
Total vulnerable Pulse Secure VPN servers by country: 🇺🇸 United States: 2,534 🇯🇵 Japan: 1,080 🇬🇧 United Kingdom: 531 🇫🇷 France: 315 🇰🇷 South Korea: 278 🇩🇪 Germany: 274 🇨🇳 China: 206 🇧🇪 Belgium: 181 🇨🇦 Canada: 175 🇨🇭 Switzerland: 163 All others: 1,975
World Map: https://docs.google.com/spreadsheets/d/1m5UyE5eRZ8wN5lGUN0dwUhCtJPpqVIPcS_LTk_SToY4/edit#gid=1141509958
0 comments
[ 4.0 ms ] story [ 13.6 ms ] threadNo comments yet.