![]() ![]() Tracked as CVE-2021-22937 (CVSS score: 9.1), the shortcoming could "allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface," according to Pulse Secure. The disclosure comes days after Ivanti, the company behind Pulse Secure, published an advisory for as many as six security vulnerabilities on August 2, urging customers to move quickly to update to Pulse Connect Secure version 9.1R12 to secure against any exploitation attempts targeting the flaws. ![]() "An attacker with such access will be able to circumvent any restrictions enforced via the web application, as well as remount the filesystem, allowing them to create a persistent backdoor, extract and decrypt credentials, compromise VPN clients, or pivot into the internal network," Warren added.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |