Pulse Secure: Patch bypass flaw in Pulse Secure VPNs can lead to total compromise (CVE-2021-22937)

The patch for a vulnerability (CVE-2020-8260) in Pulse Connect Secure VPN devices that attackers have been exploiting in the wild can be bypassed, security researcher Rich Warren has found. This new patch bypass vulnerability that could lead to remote code execution has been assigned a separate identification number (CVE-2021-22937) and has been fixed by Ivanti Pulse Secure on Monday (along with several other bugs). While Warren hasn't released a usable PoC, he has explained how ... More → The post Patch bypass flaw in Pulse Secure VPNs can lead to total compromise (CVE-2021-22937) appeared first on Help Net Security.