Ivanti has released a security update to address a new authentication bypass vulnerability in Pulse Connect Secure appliance disclosed last month and is urging customers to move quickly to apply the patch.
The company’s Pulse Secure team published a blog Monday calling attention to the update, saying it has worked with CISA, Mandiant/FireEye, Stox Friedberg and others to investigate and respond to malicious activity that it says was identified on a “very limited number” of customer systems.
“The Pulse team took swift action to provide mitigations directly to the limited number of impacted customers that remediates the risk to their system, and we are pleased to be able to deliver a security patch in such short order to address the vulnerability,” the company said in the blog.
The update comes nearly two weeks after the company and others began sounding the alarm about that vulnerability being used alongside older vulnerabilities being exploited by a sophisticated threat actor.
The company says four vulnerabilities are currently being exploited, but three of them were patched in 2019 and 2020. The fourth – which was patched today – is tracked as CVE-2021-22893 and could allow an unauthenticated user to perform remote arbitrary file execution on the Pulse Connect Secure gateway.
As sophisticated threat actors continue their attacks on U.S. businesses and government agencies, we will continue to work with our customers, the broader security industry, law enforcement and government agencies to mitigate these threats. Companywide we are making significant investments to enhance our overall cyber security posture, including a more broad implementation of secure application development standards.
In that vein, we recommend that customers take advantage of our Pulse Security Integrity Checker Tool, an efficient and easy-to-use tool for our customers to identify malicious activity on their systems, and continue to apply and follow recommended guidance for all available security patches.
According to a FireEye blog, a nation-state hacking group backed by China is believed to be behind the exploits that are targeting U.S. defense companies. he actors are suspected to have obtained administrator-level access to the appliances through previously disclosed Pulse Secure vulnerabilities, and other intrusions were due to the new vulnerability.
Leave a Reply