Pulse Secure, LLC過往隸屬Juniper Networks的Junos Pulse產品線,後由Siris Capital收購,專職開發SSL VPN遠端存取服務,近期外部研究者Rafael Pedrero、Ekzhin Ear檢測出Pulse Secure產品瑕疵,其Secure Access SSL VPN軟體SA-4000因update.cgi權限控管欠佳,恐遭低權限人員竄改參數,然SA-4000已逾官方維護生命週期;另虛擬流量管理器Virtual Traffic Manager(vTM)之XSS,讓遠端攻擊者能注入腳本程式語言,以及避開授權查驗,探勘後果為外流受害者活動歷史、帳密等隱私資料。
影響產品:
- Secure Access SSL VPN SA-4000 5.1R5 (build 9627) 4.2 Release (build 7631)
- Virtual Traffic Manager 9.9r2之前版本、4r1
解決辦法:連結https://my.pulsesecure.net/members/redirect/?application=licensinganddownloadcenter,登入會員帳密,下載更新。
資料來源:
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730
- https://seclists.org/fulldisclosure/2018/Dec/37
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20306
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20307
- https://vuldb.com//?id.128289
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20193
- https://www.pulsesecure.net/vtm/tech-info/
- https://my.pulsesecure.net/members/redirect/?application=licensinganddownloadcenter
