Nearly 4,500 Pulse Connect Secure VPNs Left Unpatched and Vulnerable
Pulse Connect VPN server software received several updates over the years, and thousands of hosts haven't patched.
Nearly 4,500 Pulse Connect Security SSL virtual private network hosts are running unpatched server software, leaving them open to cyberattacks.
A new analysis from Censys of the Pulse Connect Secure VPN ecosystem of 30,266 hosts found that although several notable flaws have been discovered and patched over the past few years, 4,460 hosts are still running vulnerable versions. Besides Pulse advisories, the Cybersecurity and Infrastructure Security Agency in April 2021 issued an alert that some of the documented Pulse Connect bugs were under active attack, Censys added.
The Censys Pulse Connect report includes a breakdown of the unpatched versions, finding the biggest chunk of vulnerable hosts — 1,033 — is in the US.
Overall, Censys said the team was trying to "... paint a picture of the current state of vulnerable Pulse Connect secure devices that are still running on the Internet," the report added.
About the Author(s)
You May Also Like
Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024Why Effective Asset Management is Critical to Enterprise Cybersecurity
May 21, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024