Hackers are exploiting existing vulnerabilities in Pulse Secure VPN and Android Phones. The flaw tracked as CVE-2019-1150, has been rated ‘Highly’ critical. This arbitrary read file vulnerability affects multiple versions of Pulse Connect Secure and Pulse Policy Secure. This flaw allows remote attackers to connect via HTTPS to an enterprise network without the requirement of any valid username or password.
Attackers can use the flaw to view logs and files, turn-off multifactor authentication, download arbitrary files and execute malicious code on enterprise networks.
Good News is Pulse Secure has released a security update to address the issue and users are urged to apply the patches immediately to mitigate such attacks.