We advise users to ensure their systems are patched and up-to-date.
The Pulse VPN vulnerability, also known as CVE-2019-11510, was initially disclosed in April 2019 but has resurfaced after multiple reports of exploitation and the disclosure of working exploits available for use on Pastebin and GitHub.
CVE-2019-11510 leaves users open to attack from malicious actors who can exploit this vulnerability to read file contents on devices as well as leverage other vulnerabilities to execute commands.
Complacency is a big risk factor, as malicious actors are already using this exploit with great effect in Australia.
The vulnerability is present in the following Pulse Connect Secure versions:
- 9.0R1 to 9.0R3.3
- 8.3R1 to 83.R7
- 8.2R1 to 8.2R12
- 8.1R1 to 8.1R15
To report a cybercrime, visit cyber.gov.au.