In Pulse Secure Pulse Connect Secure version 9.0RX prior to 9.0R3.4, 8.3RX prior to 8.3R7.1, 8.2RX prior to 8.2R12.1, and 8.1RX prior to 8.1R15.1 and Pulse Policy Secure version 9.0RX prior to 9.0R3.2, 5.4RX prior to 5.4R7.1, 5.3RX prior to 5.3R12.1, 5.2RX prior to 5.2R12.1, and 5.1RX prior to 5.1R15.1, the admin web interface allows an authenticated malicious user to inject and execute commands.
| Vendor | Product | Affected versions |
|---|---|---|
| Pulsesecure | Pulse Connect Secure | 8.1r1.0, 8.1r1.1, 8.1r2.0, 8.1r2.1, 8.1r3.0, 8.1r3.1, 8.1r3.2, 8.1r4.0, 8.1r4.1, 8.1r5.0, 8.1r6.0, 8.1r7.0, 8.1r8.0, 8.1r9.0, 8.1r9.1, 8.1r9.2, 8.1r10.0, 8.1r11.0, 8.1r11.1, 8.1r12.0, 8.1r12.1, 8.1r13.0, 8.1r14.0, 8.2r1.0, 8.2r1.1, 8.2r2.0, 8.2r3.0, 8.2r3.1, 8.2r4.0, 8.2r4.1, 8.2r5.0, 8.2r5.1, 8.2r6.0, 8.2r7.0, 8.2r7.1, 8.2r7.2, 8.2r8.0, 8.2r8.1, 8.2r8.2, 8.2r9.0, 8.2r10.0, 8.2r11.0, 8.2r12.0, 8.2rx, 8.3r1, 8.3r2, 8.3r2.1, 8.3r3, 8.3r4, 8.3r5, 8.3r5.1, 8.3r5.2, 8.3r6, 8.3r6.1, 8.3r7, 8.3rx, 9.0r1, 9.0r2, 9.0r2.1, 9.0r3, 9.0r3.1, 9.0r3.2, 9.0rx |
| Pulsesecure | Pulse Policy Secure | 5.1r1.0, 5.1r1.1, 5.1r2.0, 5.1r2.1, 5.1r3.0, 5.1r3.2, 5.1r4.0, 5.1r5.0, 5.1r6.0, 5.1r7.0, 5.1r8.0, 5.1r9.0, 5.1r9.1, 5.1r10.0, 5.1r11.0, 5.1r11.1, 5.1r12.0, 5.1r12.1, 5.1r13.0, 5.1r14.0, 5.2r1.0, 5.2r2.0, 5.2r3.0, 5.2r3.2, 5.2r4.0, 5.2r5.0, 5.2r6.0, 5.2r7.0, 5.2r7.1, 5.2r8.0, 5.2r9.0, 5.2r9.1, 5.2r10.0, 5.2r11.0, 5.2rx, 5.3r1.0, 5.3r1.1, 5.3r2.0, 5.3r3.0, 5.3r3.1, 5.3r4.0, 5.3r4.1, 5.3r5.0, 5.3r5.1, 5.3r5.2, 5.3r6.0, 5.3r7.0, 5.3r8.0, 5.3r8.1, 5.3r8.2, 5.3r9.0, 5.3r10., 5.3r11.0, 5.3r12.0, 5.3rx, 5.4r1, 5.4r2, 5.4r2.1, 5.4r3, 5.4r4, 5.4r5, 5.4r5.2, 5.4r6, 5.4r6.1, 5.4r7, 5.4rx, 9.0r1, 9.0r2, 9.0r2.1, 9.0r3, 9.0r3.1, 9.0rx |
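An added example (not part of the original advisory or of any vendor tooling) that checks an appliance inventory against the fixed releases named in the description above. The product keys `PCS` and `PPS`, the function names and the sample inventory are assumptions made for illustration; the comparison is numeric, so `8.1R9.2` correctly sorts below `8.1R15.1`.

```python
import re

# Fixed release per branch, taken from the advisory description on this page.
# Keys "PCS" / "PPS" are shorthand chosen for this example.
FIXED = {
    "PCS": {(9, 0): (3, 4), (8, 3): (7, 1), (8, 2): (12, 1), (8, 1): (15, 1)},
    "PPS": {(9, 0): (3, 2), (5, 4): (7, 1), (5, 3): (12, 1),
            (5, 2): (12, 1), (5, 1): (15, 1)},
}

_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$", re.IGNORECASE)

def parse_version(text):
    """Split '8.3R7.1' into ((8, 3), (7, 1)); a missing patch level counts as 0."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, release, patch = m.groups()
    return (int(major), int(minor)), (int(release), int(patch or 0))

def is_affected(product, version):
    """True/False for branches the advisory lists, None for branches it does not."""
    branch, release = parse_version(version)
    fixed = FIXED[product].get(branch)
    if fixed is None:
        return None
    return release < fixed

def audit(inventory):
    """Return (host, verdict) for hosts that are affected or need manual review."""
    findings = []
    for host, product, version in inventory:
        try:
            status = is_affected(product, version)
        except (ValueError, KeyError):
            status = None  # unparseable version or unknown product
        if status is not False:
            findings.append((host, "AFFECTED" if status else "REVIEW"))
    return findings

# Constructed inventory: hostnames and versions are sample values.
SAMPLE = [
    ("vpn-a.example", "PCS", "9.0R3.4"), ("vpn-b.example", "PCS", "8.3r7"),
    ("nac-a.example", "PPS", "5.4R7.1"), ("nac-b.example", "PPS", "9.0R3.1"),
    ("vpn-c.example", "PCS", "8.2R12"), ("vpn-d.example", "PCS", "9.1R1"),
    ("vpn-e.example", "PCS", "8.3rx"),
]

if __name__ == "__main__":
    for host, verdict in audit(SAMPLE):
        print(host, verdict)
```

Hosts reported as `REVIEW` run a branch the description does not list or report a version string that cannot be parsed, so they need to be checked by hand.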
This module exploits a post-auth command injection in the Pulse Secure VPN server to execute commands as root. The env(1) command is used to bypass application whitelisting and run arbitrary commands. Please see related module auxiliary/gather/pulse_secure_file_disclosure for a pre-auth file read that is able to obtain plaintext and hashed credentials, plus session IDs that may be used with this exploit. A valid administrator session ID is required in lieu of untested SSRF.
```
msf > use exploit/linux/http/pulse_secure_cmd_exec
msf exploit(pulse_secure_cmd_exec) > show targets
    ...targets...
msf exploit(pulse_secure_cmd_exec) > set TARGET <target-id>
msf exploit(pulse_secure_cmd_exec) > show options
    ...show and set options...
msf exploit(pulse_secure_cmd_exec) > exploit
```
The Sodinokibi ransomware strain is apparently behind the New Year’s Eve attack on foreign currency-exchange giant Travelex, which has left its customers and banking partners stranded without its services.
The criminals behind the attack are demanding a six-figure sum in return for the decryption key, according to reports, and are directing the company to a payment website hosted in Colorado.
“It is just business. We absolutely do not care about you or your details, except gettin...
State-sponsored advanced persistent threat (APT) groups are using flaws in outdated VPN technologies from Palo Alto Networks, Fortinet and Pulse Secure to carry out cyber attacks on targets in the United States and overseas, warned U.S. and U.K. officials.
The National Security Agency (NSA) issued a Cybersecurity Advisory Monday about the threats and offered mitigation suggestions, warning that multiple APT actors have weaponized three critical vulnerabilities first published in August–C...