First published: 01 Oct 2019
Last updated: 21 Apr 2021

Content written for

Small & medium business
Large organisations & infrastructure


On 20 April 2021, CISA released an alert on ongoing exploitation of Ivanti Pulse Connect Secure vulnerabilities. U.S. Government agencies, critical infrastructure entities, and private sector organisations have been impacted. For further details on the vulnerabilities and impacted versions please refer the Pulse Security Advisory.

The Pulse VPN vulnerabilities were initially disclosed in April 2019 and have been previously exploited in Australian networks. 


The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) recommends that in addition to patching, organisations should refer to mitigations provided within the CISA alert, Alert AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities, and take the additional step to run the Pulse Connect Secure Integrity Tool. The integrity tool checks the file system and finds any additional/modified file(s).


The ASD’s ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ASD’s ACSC via 1300 CYBER1.

Was this information helpful?

Thanks for your feedback!


Tell us why this information was helpful and we’ll work on making more pages like it