#VU26750 Permissions, Privileges, and Access Controls in Ivanti Connect Secure (formerly Pulse Connect Secure) and Ivanti Policy Secure (formerly Pulse Policy Secure)
Vulnerability identifier: #VU26750
Vulnerability risk: Medium
CVSSv3.1: 5 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:U/RC:C]
CVE-ID:
CWE-ID:
CWE-264
Exploitation vector: Local network
Exploit availability: No
Vulnerable software:
Ivanti Connect Secure (formerly Pulse Connect Secure)
Server applications /
Remote access servers, VPN
Ivanti Policy Secure (formerly Pulse Policy Secure)
Server applications /
Remote access servers, VPN
Vendor: Ivanti
Description
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to the applet in tncc.jar launches a TCP server that accepts local connections on a random port and can be reached by local HTTP clients. A remote attacker can use this issue to gather information from the system or perform further interactions with the victim's system.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
Ivanti Connect Secure (formerly Pulse Connect Secure): All versions
Ivanti Policy Secure (formerly Pulse Policy Secure): All versions
External links
http://git.lsd.cat/g/pulse-host-checker-rce
http://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44426
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
