Rewterz Threat Advisory – CVE-2019-11510 – Continued Exploitation of Pulse Secure VPN Vulnerability

Rewterz Threat Advisory – CVE-2020-1600 – Juniper Networks Junos OS Denial of Service in the RPD daemon

January 10, 2020

Rewterz Threat Alert – TA428 Group Taking Advantage of Recent Conflict between Iran and USA

January 13, 2020

Rewterz Threat Advisory – CVE-2019-11510 – Continued Exploitation of Pulse Secure VPN Vulnerability

Severity

High

Analysis Summary

A remote, unauthenticated attacker may be able to compromise a vulnerable VPN server. The attacker may be able to gain access to all active users and their plain-text credentials. It may also be possible for the attacker to execute arbitrary commands on each VPN client as it successfully connects to the VPN server.

Impact

Credential theft

Affected Vendors

Pulse Secure

Affected Products

Pulse Connect Secure 9.0R1 – 9.0R3.3
Pulse Connect Secure 8.3R1 – 8.3R7
Pulse Connect Secure 8.2R1 – 8.2R12
Pulse Connect Secure 8.1R1 – 8.1R15
Pulse Policy Secure 9.0R1 – 9.0R3.1
Pulse Policy Secure 5.4R1 – 5.4R7
Pulse Policy Secure 5.3R1 – 5.3R12
Pulse Policy Secure 5.2R1 – 5.2R12
Pulse Policy Secure 5.1R1 – 5.1R15

Remediation

Please see vendor’s advisory for the list of updated patches.

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/

Rewterz Threat Advisory – CVE-2020-1600 – Juniper Networks Junos OS Denial of Service in the RPD daemon

Rewterz Threat Alert – TA428 Group Taking Advantage of Recent Conflict between Iran and USA

Rewterz Threat Advisory – CVE-2019-11510 – Continued Exploitation of Pulse Secure VPN Vulnerability

Severity

Analysis Summary

Impact

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan