Rewterz Threat Advisory – CVE-2020-1600 – Juniper Networks Junos OS Denial of Service in the RPD daemon
January 10, 2020Rewterz Threat Alert – TA428 Group Taking Advantage of Recent Conflict between Iran and USA
January 13, 2020Rewterz Threat Advisory – CVE-2020-1600 – Juniper Networks Junos OS Denial of Service in the RPD daemon
January 10, 2020Rewterz Threat Alert – TA428 Group Taking Advantage of Recent Conflict between Iran and USA
January 13, 2020Severity
High
Analysis Summary
A remote, unauthenticated attacker may be able to compromise a vulnerable VPN server. The attacker may be able to gain access to all active users and their plain-text credentials. It may also be possible for the attacker to execute arbitrary commands on each VPN client as it successfully connects to the VPN server.
Impact
Credential theft
Affected Vendors
Pulse Secure
Affected Products
- Pulse Connect Secure 9.0R1 – 9.0R3.3
- Pulse Connect Secure 8.3R1 – 8.3R7
- Pulse Connect Secure 8.2R1 – 8.2R12
- Pulse Connect Secure 8.1R1 – 8.1R15
- Pulse Policy Secure 9.0R1 – 9.0R3.1
- Pulse Policy Secure 5.4R1 – 5.4R7
- Pulse Policy Secure 5.3R1 – 5.3R12
- Pulse Policy Secure 5.2R1 – 5.2R12
- Pulse Policy Secure 5.1R1 – 5.1R15
Remediation
Please see vendor’s advisory for the list of updated patches.
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/