Heimdal
article featured image

Contents:

Researchers have found more than 4,000 vulnerable Pulse Connect Secure hosts being exposed to the internet. Pulse Connect Secure is a popular remote connectivity VPN solution, which is precisely why it has become the target of attacks from multiple threat actors over time.

Back in April 2021, following the discovery of multiple vulnerabilities within Pulse Connect Secure, CISA published a report warning about how hackers were using these flaws.

Censys researchers recently revealed that 4,500 Pulse Connect Secure hosts out of 30,266 installs were found to be exposed to the Internet without security patches.

In total, Censys has found 30,266 Pulse Connect Secure hosts running on the internet. One of the easiest ways to find these running using Censys is to search for a specific URI that can be found in the HTTP response body of a Pulse Connect Secure web service.

Source

 

To clarify the matter, the report further explains that most of the vulnerable hosts on the Internet, 3,528 hosts, lack patches (SA44858) released by the vendor back in August 2021. The patches were aimed at resolving the following CVEs:

Source

Furthermore, Censys discovered 1,841 vulnerable hosts that are yet to be patched against four issues (SA44784) addressed in April last year:

Source

On top of that, experts also mentioned 28 hosts exposed online with an unattended critical vulnerabilityCVE-2018-5299, which goes back to 2018 and also had a patch released, SA43604.

A Breakdown by Country (Top 20) completes the report on the matter, with the United States having the most significant total number of Pulse Connect installations with 8,575 hosts, but only 12% are missing security patches. On the other hand, in France there are only 1,422 Pulse Connect devices on the Internet, 30% of them running a version that is vulnerable to one or more of the seven analyzed advisories.

Source

After Ivanti acquired Pulse Secure in 2020, they turned their attention towards simplifying deployment with their VPN appliance, making Pulse Connect Secure is the most widely deployed SSL VPN solution.

Pulse Secure is often exploited by a variety of cybercriminals and state-sponsored actors to conduct attacks on other systems. In this regard, government agencies have issued multiple alerts, warning that the vulnerabilities in these products will continue to be exploited if left unpatched.

If you liked this article, follow us on LinkedInTwitterFacebookYoutube, and Instagram for more cybersecurity news and topics.

Author Profile

Mihaela Popa

COMMUNICATIONS & PR OFFICER

Mihaela is a digital content creator for Heimdal® and the proud owner of an old soul and a curious mind. Passionate to learn and discover more about cybersecurity, she will gladly share her latest finds with you.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE