On April 24th, 2019, Pulse Secure released security fixes for a critical Remote Code Execution (RCE) vulnerability, CVE-2019-11510, for Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) appliances. This vulnerability is critical and should be patched immediately. Failure to apply the security fixes may pose a security risk of unauthorized access to your network.
Pulse Secure strongly recommends upgrading to a patched software version as soon as possible to avoid a potential use of the vulnerability. As a precautionary measure, PSIRT is recommending changing all passwords (especially admin credentials) that are used to authenticate with the Pulse Connect Secure device.
If the devices are already patched, no further action is required. |