
Nicole IbarraNovember 9, 2021
Pulse Secure VPN Critical Vulnerabilities and Exposures (CVE)
We’ve said it before and we’ll say it again. VPNs have well overstayed their welcome. Here’s a look at some of the news headlines and CVEs related to Pulse Connect Secure.
We’ve always advocated for Zero Trust Network Access (ZTNA) as the superior alternative to VPNs. Unpatched and outdated VPNs can host critical vulnerabilities and introduce various complexities.
If you’re having trouble convincing your organization to replace Pulse Connect Secure VPN with a Zero Trust solution, here are a few reasons:
- The Cybersecurity and Infrastructure Agency (CISA) has reported numerous Pulse Secure common vulnerabilities and exposures (CVEs) and breaches in the past 12 months.
- Pulse Secure was the entry point for an April 2021 breach that impacted multiple government agencies
- As reported by CNN, hackers repeatedly took advantage of vulnerabilities in Pulse Secure VPN to gain access to government agencies, defense companies and financial institutions in the U.S. and Europe. This incident prompted immediate action from CISA demanding agencies take immediate action to remediate effects of the hack that was initially difficult to identify, leaving organizations vulnerable for an extended period.
- The Pulse Secure VPN has been reported to be an impediment to users trying to complete daily tasks
- As reported by the Daily Mail, earlier this year, an expired Pulse Connect Secure blocked thousands of end users from connecting to their critical company resources leaving them unable to complete crucial tasks. Widely distributed workforces simply cannot afford multi-day interruptions or a vulnerable network.
- Several past and present vulnerabilities associated with Pulse Connect Secure include:
- CVE-2021-22908: has a CVSS score of 8.5 out of a maximum of 10 and impacts Pulse Connect Secure versions 9.0Rx and 9.1Rx. In a report detailing the vulnerability, the CERT Coordination Center said the issue stems from the gateway's ability to connect to Windows file shares through several CGI endpoints that could be leveraged to carry out an attack.
- CVE-2021-22893: according to ZDNET, this is a significant vulnerability with a severity score of 10 out of 10 with deployed malware designed to bypass two-factor authentication.
- Zero Trust Network Access (ZTNA) delivers superior secure remote access
- Appgate SDP provides stronger and simpler access controls for all users and devices to any workload, anywhere. This is why we were named a Leader in the 2021 Forrester ZTNA New Wave with the highest position for current offering. Key benefits include:
- Reducing your attack surface by cloaking all infrastructure
- Continuously evaluate identity and contextual risk as criterial for access
- Limit lateral movement and your blast radius with fine-grained micro-segmentation
- Unleash automation and programable security via robust APIs
- Deliver superior user experience that empowers how people work today
- Appgate SDP provides stronger and simpler access controls for all users and devices to any workload, anywhere. This is why we were named a Leader in the 2021 Forrester ZTNA New Wave with the highest position for current offering. Key benefits include:
We get it! Adopting new technology while contractually locked into old investments is hard to justify. Not anymore.
We want to replace your existing VPN. That’s why we’re offering to buy out your VPN support contract. This is a limited time offer that expires Dec 31st 2021.
To learn more and start your Zero Trust journey without the burden of legacy investments click here.