Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
| Link | Tags |
|---|---|
| https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/ | vendor advisory broken link |
| https://blog.pulsesecure.net/pulse-connect-secure-security-update/ | vendor advisory |
| https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html | third party advisory |
| https://kb.cert.org/vuls/id/213092 | third party advisory us government resource |
| https://www.kb.cert.org/vuls/id/213092 | us government resource |