• Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Press Release
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Alert – Ryuk Ransomware – Active IOCs
August 6, 2021
Rewterz Threat Alert – FormBook Malware – Fresh IOCs
August 6, 2021

Rewterz Threat Advisory –Multiple VMware Security Vulnerabilities

August 6, 2021

Severity

High

Analysis Summary

CVE-2021-22937

A vulnerability in Pulse Connect Secure could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface.

CVE-2021-22933

A vulnerability in Pulse Connect Secure could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request.

CVE-2021-22934

A vulnerability in Pulse Connect Secure could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer overflow via a malicious crafted web request.

CVE-2021-22935

A vulnerability in Pulse Connect Secure could allow an authenticated administrator to perform command injection via an unsanitized web parameter.

CVE-2021-22936

A vulnerability in Pulse Connect Secure could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter.

CVE-2021-22938

A vulnerability in Pulse Connect Secure could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console.

Impact

  • Cross-site Scripting
  • Command Injection
  • Unauthorized Access

Affected Vendors

Pulse Secure

Affected Products

  • Pulse Connect Secure

Remediation

Upgrade to the latest Pulse Connect Secure server software for updates and suggested workarounds.

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44858/?kA23Z000000L6oySAC
  • Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.