CISA Issues Emergency Directive on Pulse Connect Secure

Original release date: April 20, 2021

CISA has issued Emergency Directive (ED) 21-03, as well as Alert AA21-110A, to address the exploitation of vulnerabilities affecting Pulse Connect Secure (PCS) software. An attacker could exploit these vulnerabilities to gain persistent system access and take control of the enterprise network operating the vulnerable PCS device. These vulnerabilities are being exploited in the wild. 

Specifically, ED 21-03 directs federal departments and agencies to run the Pulse Connect Secure Integrity Tool on all instances of PCS virtual and hardware appliances to determine whether any PCS files have been maliciously modified or added.  

Although ED 21-03 applies to Federal Civilian Executive Branch departments and agencies, CISA strongly recommends state and local governments, the private sector, and others to run the Pulse Connect Secure Integrity Tool and review ED 21-03: Mitigate Pulse Connect Secure Product Vulnerabilities for additional mitigation recommendations. 
 

This product is provided subject to this Notification and this Privacy & Use policy.

CISA Issues Emergency Directive on Pulse Connect Secure

Original release date: April 20, 2021

CISA has issued Emergency Directive (ED) 21-03, as well as Alert AA21-110A, to address the exploitation of vulnerabilities affecting Pulse Connect Secure (PCS) software. An attacker could exploit these vulnerabilities to gain persistent system access and take control of the enterprise network operating the vulnerable PCS device. These vulnerabilities are being exploited in the wild. 

Specifically, ED 21-03 directs federal departments and agencies to run the Pulse Connect Secure Integrity Tool on all instances of PCS virtual and hardware appliances to determine whether any PCS files have been maliciously modified or added.  

Although ED 21-03 applies to Federal Civilian Executive Branch departments and agencies, CISA strongly recommends state and local governments, the private sector, and others to run the Pulse Connect Secure Integrity Tool and review ED 21-03: Mitigate Pulse Connect Secure Product Vulnerabilities for additional mitigation recommendations. 
 

This product is provided subject to this Notification and this Privacy & Use policy.

CISA Releases Alert on Exploitation of Pulse Connect Secure Vulnerabilities

Original release date: April 20, 2021 | Last revised: April 21, 2021

CISA is aware of ongoing exploitation of Ivanti Pulse Connect Secure vulnerabilities compromising U.S. government agencies, critical infrastructure entities, and private sector organizations.

In response, CISA has released Alert AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities, as well as Emergency Directive (ED) 21-03, to offer technical details regarding this activity. Ivanti has provided a mitigation and is developing a patch.

CISA strongly encourages organizations using Ivanti Pulse Connect Secure appliances to follow the guidance in Alert AA21-110A, which includes:

For additional information regarding this ongoing exploitation, see the FireEye blog post: Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day and the CERT Coordination Center (CERT/CC) Vulnerability Note VU#213092.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA Releases Alert on Exploitation of Pulse Connect Secure Vulnerabilities

Original release date: April 20, 2021 | Last revised: April 21, 2021

CISA is aware of ongoing exploitation of Ivanti Pulse Connect Secure vulnerabilities compromising U.S. government agencies, critical infrastructure entities, and private sector organizations.

In response, CISA has released Alert AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities, as well as Emergency Directive (ED) 21-03, to offer technical details regarding this activity. Ivanti has provided a mitigation and is developing a patch.

CISA strongly encourages organizations using Ivanti Pulse Connect Secure appliances to follow the guidance in Alert AA21-110A, which includes:

For additional information regarding this ongoing exploitation, see the FireEye blog post: Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day and the CERT Coordination Center (CERT/CC) Vulnerability Note VU#213092.

This product is provided subject to this Notification and this Privacy & Use policy.