At least 4,460 vulnerable Pulse Connect Secure hosts are exposed to the InternetSecurity Affairs

At least 4,460 vulnerable Pulse Connect Secure hosts are exposed to the InternetSecurity Affairs

Censys researchers warn of more than 4,000 vulnerable Pulse Connect Secure hosts exposed to the Internet.

Pulse Connect Secure is a widely deployed SSL VPN solution for remote and mobile users, for this reason it is a target of attacks by various threat actors.

Over the years, researchers have disclosed several serious vulnerabilities in the server software, in April 2021, CISA published a report warning against the exploitation of Pulse Connect security flaws.

Now, Censys researchers have discovered that 4,460 Pulse Connect Secure hosts out of 30,266 installations, exposed to the Internet, lack security arrangements.

“In total, Censys found 30,266 Pulse Connect Secure hosts running on the Internet.” reads the report published by Censys. “One of the easiest ways to find what’s running with Censys is to search for a specific URI that can be found in the HTTP response body of a Pulse Connect Secure web service.

services.http.response.body: `/dana-na/`

Of those exposed, 4,460 hosts were identified as having a software version vulnerable to one or more of the seven security advisories we reviewed.

Most of the vulnerable hosts on the Internet, 3,528 hosts, do not have patches (SA44858) released by the vendor in August 2021 to address the following issues:

Censys also discovered 1,841 vulnerable hosts that have yet to be patched against four issues (SA44784) addressed by the vendor in April 2021:

Experts also discovered 28 hosts exposed online that have not yet addressed a critical vulnerability, tracked as CVE-2018-5299, which was disclosed in early 2018 and addressed by the vendor with the release of SA43604.

The report also provides a breakdown by country (Top 20), the United States has the largest total number of Pulse Connect installations with 8,575 hosts, but only 12% lack security arrangements.

A worrying scenario is represented by France, which has only 1,422 Pulse Connect devices on the Internet, but a little more than 30% of them have a vulnerable version.

Let me suggest you read the report which includes a lot of interesting data.

Follow me on Twitter: @sekuriteitsake and Facebook and Mastodon

Pierluigi Paganini

(Safety matters burglary, pulse)

Leave a Reply

Your email address will not be published. Required fields are marked *