Field Note on CVE-2019-11510 ; Pulse Connect Secure SSL-VPN in the Netherlands
This Field Note describes the case of a critical unauthenticated RCE vulnerability in an SSL-VPN product that remained unpatched at a large scale-up and until after exploits became public. Approximately 14,500 systems worldwide were reportedly unpatched at the end of August 2019. Two weeks after exploits emerged in public, both GCHQ and NSA released notices that the vulnerability was being exploited by APT actors. The present Field Note describes observations from the Netherlands and includes reflections in an attempt to stimulate thinking on how to improve the status quo, such as through coor... Mehr ...
Verfasser: | |
---|---|
Dokumenttyp: | Artikel |
Erscheinungsdatum: | 2020 |
Reihe/Periodikum: | Digital Threats: Research and Practice ; volume 1, issue 2, page 1-7 ; ISSN 2692-1626 2576-5337 |
Verlag/Hrsg.: |
Association for Computing Machinery (ACM)
|
Schlagwörter: | Computer Networks and Communications / Computer Science Applications / Hardware and Architecture / Safety Research / Information Systems / Software |
Sprache: | Englisch |
Permalink: | https://search.fid-benelux.de/Record/base-27177809 |
Datenquelle: | BASE; Originalkatalog |
Powered By: | BASE |
Link(s) : | http://dx.doi.org/10.1145/3382765 |
This Field Note describes the case of a critical unauthenticated RCE vulnerability in an SSL-VPN product that remained unpatched at a large scale-up and until after exploits became public. Approximately 14,500 systems worldwide were reportedly unpatched at the end of August 2019. Two weeks after exploits emerged in public, both GCHQ and NSA released notices that the vulnerability was being exploited by APT actors. The present Field Note describes observations from the Netherlands and includes reflections in an attempt to stimulate thinking on how to improve the status quo, such as through coordinated proactive measures by CSIRTs.