A few weeks ago, we released a blogpost about an authenticated RCE we found in Pulse Connect Secure (CVE-2020-8218). In that post, we mentioned that we discovered more vulnerabilities. Four vulnerabilities were discovered on Pulse Secure Connect, a VPN (Virtual...
Update: A full remote pre-authentication exploitation chain proof of concept has been documented by our team now that Pulse Secure made all the software patches available. During an engagement, we discovered a Pulse Secure SSL VPN running the version 9.1R7, which was...