Critical Patch Out for Critical Pulse Secure VPN 0-Day Under Attack
Ivanti, the company behind Pulse Secure VPN appliances, has released a security patch to remediate a critical security vulnerability that was found being actively exploited in the wild by at least two different threat actors.
Tracked as CVE-2021-22893 (CVSS score 10), the flaw concerns multiple use after free issues in Pulse Connect Secure that could allow a remote unauthenticated attacker to execute arbitrary code and take control of the affected system. All Pulse Connect Secure versions prior to 9.1R11.4 are impacted.
The flaw came to light on April 20 after FireEye disclosed a series of intrusions targeting defense, government, and financial organizations in the U.S. and elsewhere by leveraging critical vulnerabilities in the remote access solution to bypass multi-factor authentication protections and breach enterprise networks.
iTWire Monday, 03 May 2021 10:02 Five US Government agencies attacked through Pulse Secure VPNs
Shares Image by Abigall Maddison from Pixabay
At least five US Government agencies have been breached in the latest attack aimed at the government, an official at the Cybersecurity and Infrastructure Security Agency says. CISA is aware of at least five federal civilian agencies who have run the Pulse Connect Secure Integrity Tool and identified indications of potential unauthorised access, deputy executive assistant director of Cybersecurity, Matt Hartman, said in
CNN. We are working with each agency to validate whether an intrusion has occurred and will offer incident response support accordingly.
Pulse Secure VPN Zero-Day Flaw Patched
May 20, 2021
Compliance
May 4, 2021
Compliance
Compliance Twitter Get Permission
Ivanti, parent company of Pulse Secure, published a permanent fix Monday for a zero-day vulnerability in Pulse Connect Secure VPN products that has been exploited to target U.S. government agencies, critical infrastructure providers and other companies over the last several weeks.
The zero-day flaw, which is tracked as CVE-2021-22893, is one of at least four vulnerabilities in Pulse Connect Secure VPN products that have been exploited by various groups, including one with connections to China, since earlier this year. In April, security firm FireEye published a report about the attacks as well as details about the zero-day bug that was being exploited (see:
By
Brad D. Williams on April 30, 2021 at 1:33 PM
UPDATED: Adds information on CISA’s update today to the activity alert originally issued on April 20.
WASHINGTON: CISA confirmed today it’s investigating at least five federal agencies to determine whether they were breached via recently disclosed vulnerabilities in Pulse Connect Secure appliances.
Matt Hartman, deputy executive assistant director at CISA, said in a statement provided to
Breaking Defense, “CISA is aware of at least five federal civilian agencies who have run the Pulse Connect Secure Integrity Tool and identified indications of potential unauthorized access. We are working with each agency to validate whether an intrusion has occurred and will offer incident response support accordingly.”
Ivanti said in a statement that it was working closely with CISA and cybersecurity experts to investigate and respond quickly to malicious activity that was identified on a very limited number of customer systems . Reuters
The US Department of Homeland Security has determined that flaws in Ivanti Inc’s products may have allowed hackers to breach at least five federal agencies.
The Department’s Cybersecurity and Infrastructure Security Agency, known as CISA, has been working with organisations targeted through vulnerabilities in Ivanti’s Pulse Connect Secure products and required federal civilian agencies to run a tool designed to find them.