New High-Severity Vulnerability Reported in Pulse Connect Secure VPN

From thehackernews.com

Pulse Connect Secure

Ivanti, the company behind Pulse Secure VPN appliances, has published a security advisory for a high severity vulnerability that may allow an authenticated remote attacker to execute arbitrary code with elevated privileges.

“Buffer Overflow in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user,” the company¬†said¬†in an alert published on May 14. “As of version 9.1R3, this permission is not enabled by default.”

Read more…