Exposed to Internet: More Than 4,000 Vulnerable Pulse Connect Secure Hosts


Pulse Connect Secure offers mobile and remote customers safe access to company resources and is touted as the most extensively used SSL VPN solution. Ivanti added the VPN appliance to its lineup in 2020 after purchasing Pulse Secure.

Government agencies have released many advisories to warn of the ongoing exploitation of unpatched vulnerabilities in these appliances, which are known for being the preferred target of both cybercriminals and state-sponsored threat actors.

Despite this, a large number of Pulse Connect Secure hosts are still vulnerable, according to a recent report from Censys: 4,460 out of 30,266 internet-accessible appliances need patches.

Also Read: Addressing SaaS Security Challenges with Comprehensive SaaS Management

The research states that six vulnerabilities, including a critical-severity file write issue that may be used to execute arbitrary code with root capabilities, are still unpatched in about 3,500 of the vulnerable appliances.

Read More: Over 4,000 Vulnerable Pulse Connect Secure Hosts Exposed to Internet