Patching vulnerable enterprise VPNs from Pulse Secure is not enough to keep out malicious actors who have already exploited a vulnerability, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns.
Last year, security researchers disclosed many flaws in VPN products from Fortinet, Palo Alto Networks and Pulse Secure, revealing that attackers could target them to infiltrate corporate networks, steal sensitive data, or even eavesdrop on communications.
A total of 10 vulnerabilities were reported to Pulse Secure in March last year, and patches for them were released on April 24, 2019. The most severe of these issues, which was assigned CVE-2019-11510 (CVSS score 10), can be abused by an unauthenticated, remote attacker to execute arbitrary code.
