New High-Severity Vulnerability Reported in Pulse Connect Secure VPN


Pulse Connect Secure

Ivanti, the company behind Pulse Secure VPN appliances, has published a security advisory for a high severity vulnerability that may allow an authenticated remote attacker to execute arbitrary code with elevated privileges.

“Buffer Overflow in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user,” the company said in an alert published on May 14. “As of version 9.1R3, this permission is not enabled by default.”

Read more…