CISA is aware of ongoing exploitation of Ivanti Pulse Connect Secure vulnerabilities compromising U.S. government agencies, critical infrastructure entities, and private sector organizations.
In response, CISA has released Alert AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities, as well as Emergency Directive (ED) 21-03, to offer technical details regarding this activity. Ivanti has provided a mitigation and is developing a patch.
CISA strongly encourages organizations using Ivanti Pulse Connect Secure appliances to follow the guidance in Alert AA21-110A, which includes:
- Running the Pulse Connect Secure Integrity Tool
- Updating their Pulse Connect Secure appliance to the latest software version
- Implementing the mitigation provided by Ivanti Pulse Secure (if evidence of comprise is found)
For additional information regarding this ongoing exploitation, see the FireEye blog post: Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day and the CERT Coordination Center (CERT/CC) Vulnerability Note VU#213092.