Request a Demo
Rewterz
Rewterz Threat Alert – Ryuk Ransomware – Active IOCs
August 6, 2021
Rewterz
Rewterz Threat Alert – FormBook Malware – Fresh IOCs
August 6, 2021

Rewterz Threat Advisory –Multiple VMware Security Vulnerabilities

Severity

High

Analysis Summary

CVE-2021-22937

A vulnerability in Pulse Connect Secure could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface.

CVE-2021-22933

A vulnerability in Pulse Connect Secure could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request.

CVE-2021-22934

A vulnerability in Pulse Connect Secure could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer overflow via a malicious crafted web request.

CVE-2021-22935

A vulnerability in Pulse Connect Secure could allow an authenticated administrator to perform command injection via an unsanitized web parameter.

CVE-2021-22936

A vulnerability in Pulse Connect Secure could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter.

CVE-2021-22938

A vulnerability in Pulse Connect Secure could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console.

Impact

  • Cross-site Scripting
  • Command Injection
  • Unauthorized Access

Affected Vendors

Pulse Secure

Affected Products

  • Pulse Connect Secure

Remediation

Upgrade to the latest Pulse Connect Secure server software for updates and suggested workarounds.

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44858/?kA23Z000000L6oySAC