'Organizations that have yet to install the latest version of the
Pulse Secure VPN have a good reason to stop dithering—a code-execution
vulnerability that allows attackers to take control of networks that
use the product.
Tracked as CVE-2020-8218, the vulnerability requires an attacker to
have administrative rights on the machine running the VPN. Researchers
from GoSecure, the firm that discovered the flaw, found an easy way to
clear that hurdle: trick an administrator into clicking on a malicious
link embedded in an email or other type of message.'
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174