![pulse secure vulnerability 2021](https://cyberint.com/wp-content/uploads/2021/09/Critical-Pulse-Connect-Secure-SSL-VPN-Vulnerability-Exploited.png)
In a joint cybersecurity advisory Thursday, the National Security Agency, FBI and CISA said Russian Foreign Intelligence Service (SVR) actors have frequently used five known vulnerabilities to gain initial footholds into victim devices and networks.

"Although we are not able to definitely connect UNC2630 to APT5, or any other existing APT group, a trusted third party has uncovered evidence connecting this activity to historic campaigns which Mandiant tracks as Chinese espionage actor APT5," the report said. While it is not entirely clear which nation or group the advanced persistent threat (APT) is associated with, the activity does track with another campaign.

While they were unable to determine how the actors obtained administrator-level access to the appliances, they suspect some intrusions were due to the exploitation of previously disclosed Pulse Secure vulnerabilities dating back to 20, while other intrusions were due to the exploitation of the newer CVE-2021-22899 vulnerability. FireEye said it observed the threat activity - which the vendor identified as UNC2630 - harvesting credentials from various Pulse Secure VPN login flaws, which ultimately enabled the actor to use legitimate account credentials to move laterally into the affected environments. "In each intrusion, the earliest evidence of attacker activity traced back to DHCP IP address ranges belonging to Pulse Secure VPN appliances in the affected environment," the report said.
![pulse secure vulnerability 2021](https://cybersecurityworks.com/howdymanage/uploads/image/patch-watch/pulse-secure-charts/patch-watch-04.png)
Mandiant said they investigated multiple intrusions early this year at defense, government and financial organizations around the world. According to that report, the investigation by Pulse Secure determined that a combination of prior vulnerabilities and a previously unknown vulnerability discovered in April 2021 are responsible for the initial infection vector.
![pulse secure vulnerability 2021](https://www.bleepstatic.com/images/news/u/1109292/2021/CISA-Pulse-Secure-tweet.png)
In response to multiple security incidents involving Pulse Secure VPN appliances, Mandiant threat researchers released a report Tuesday with further details about the new vulnerability and threat actors exploiting it. However, the zero-day vulnerability is already being used in several attacks, which were detected by FireEye's Mandiant threat intelligence team.
The risk was significant enough that on Tuesday, the Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive requiring federal civilian departments and agencies running Pulse Secure products to "assess and mitigate any anomalous activity or active exploitation detected on their networks." Additionally, Pulse Secure developed an Identity Checker tool for mitigation, which the CISA emergency directive required all affected agencies to use. While the tool has been released, a final patch to address the vulnerability will not be available until early May.
![pulse secure vulnerability 2021](https://cybersecurityworks.com/howdymanage/uploads/image/pulse-secure-vulnerabilities.png)
Pulse Secure said that while the vulnerability poses a significant risk to customer deployment, only a very limited number of customers are affected. The critical vulnerability - dubbed CVE-2021-22899 - received a Common Vulnerability Scoring System maximum score of 10 and affects PCS 9.0R3 and higher.
In an out-of-band advisory Tuesday, Pulse Secure disclosed that a vulnerability discovered in its Pulse Connect Secure (PCS) series enables a remote unauthenticated attacker to bypass authentication and execute arbitrary code.