Patch bypass flaw in Pulse Secure VPNs can lead to total compromise (CVE-2021-22937)

6 August 2021

The patch for a vulnerability (CVE-2020-8260) in Pulse Connect Secure VPN devices that attackers have been exploiting in the wild can be bypassed, security researcher Rich Warren has found. This new patch bypass vulnerability that could lead to remote code execution has been assigned a separate identification number (CVE-2021-22937) and has been fixed by Ivanti Pulse Secure on Monday (along with several other bugs).

Read full article on Help Net Security

Date:

6 August 2021

Categorie(s):

NEWS

Tag(s):

IT, Ivanti, NCC Group, Patch, VPNs

O2’s AI Granny Outsmarts Scam Callers with Knitting Tales15 November 2024
4M+ WordPress Websites to Attacks, Following Plugin Vulnerability15 November 2024
High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables15 November 2024
CISA Warns of Actors Exploiting Two Palo Alto Networks Vulnerabilities15 November 2024
Microsoft Power Pages misconfigurations exposing sensitive data15 November 2024