Chinese Hackers Potentially Exploiting Up to Four Pulse Secure Vulnerabilities

 

Late last week, it was reported that Chinese hackers are exploiting the recently disclosed Pulse Secure VPN vulnerability CVE-2021-22893 and potentially three other Pulse Secure vulnerabilities, as follows:


CVE-2019-11510 

CVE-2020-8243 

CVE-2020-8260 


Note that the report did not say whether exploits in the wild have been confirmed; it noted only exploit attempts. However, previous reporting has confirmed that CVE-2019-11510 has been exploited in the wild.

Perhaps most striking, CISA reported that Chinese hackers were attempting to gain access to US government agencies through these vulnerabilities. 

Looking at CYR3CON CyRating predictions on these vulnerabilities, we see a rapid rise in CyRating associated with reports of exploitation preceding the NIST disclosure (see below). 

Vulnerability Viewed in PR1ORITY

 

Looking at the other vulnerabilities from the report, we see that, as noted, CVE-2019-11510 has the maximum CyRating due to the previous exploit. However, the other two, for which exploitation has been attempted but not confirmed as successful, had quite elevated CyRatings (7x and 3x more likely to be exploited, respectively) ahead of the recent report. That places them in the top quarter of vulnerabilities, despite a mid-range CVSS score that puts them in the lower 40% of vulnerabilities by that standard.

So, as previously discussed, the combination of machine learning and threat intelligence was ahead of attempts by hackers to exploit these vulnerabilities, whereas CVSS has again lagged and may have led to improper prioritization. An intelligence-focused approach is a must to protect work-from-home enablers like VPNs.

Additional Details on Vulnerabilities Viewed in PR1ORITY