Skip to main content

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is aware of a working exploit for a vulnerability that exists in the Pulse Connect Secure Virtual Private Network (VPN) solution software.

The vulnerability, known as CVE-2019-11510, was initially disclosed in April 2019 and has resurfaced after the ACSC has received multiple reports of this publicly available exploit available for use on Pastebin and GitHub.

What you need to do

It is important that organisations and individuals using the affected Pulse Connect Secure VPN software immediately install Pulse Secure vulnerability patch – CVE-2019-11510, available at Pulse Security Advisory: SA44101 - 2019-04: Out-of-Cycle Advisory: Multiple vulnerabilities resolved in Pulse Connect Secure.

Affected versions of Pulse Connect Secure software include:

  • 9.0R1 to 9.0R3.3
  • 8.3R1 to 83.R7
  • 8.2R1 to 8.2R12
  • 8.1R1 to 8.1R15.

Further information

Read ACSC’s guidance on how organisations can prepare and respond to a cyber security incident.

Go to the ‘Have I been Pwned?’ website to see if email accounts have been breached.

To report a cybercrime, go to ReportCyber and report it.

To learn more about the OAIC Notifiable Data Breaches scheme, visit the OAIC website.