CISA is aware of ongoing exploitation of Ivanti Pulse Connect Secure vulnerabilities compromising U.S. government agencies, critical infrastructure entities, and private sector organizations.
In response, CISA has released Alert AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities to offer technical details regarding this activity. Ivanti has provided a mitigation and is developing a patch.
CISA strongly encourages organizations using Ivanti Pulse Connect Secure appliances to follow the guidance in Alert AA21-110A, which includes:
- Running the Ivanti Integrity Checker Tool
- Updating their Pulse Connect Secure appliance to the latest software version
- Implementing the mitigation provided by Ivanti Pulse Secure (if evidence of comprise is found)
For additional information regarding this ongoing exploitation, see the FireEye blog post: Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day.