The vulnerability, known as CVE-2019-11510, was initially disclosed in April 2019 and has resurfaced after the ACSC has received multiple reports of this publicly available exploit available for use on Pastebin and GitHub.
What you need to do
It is important that organisations and individuals using the affected Pulse Connect Secure VPN software immediately install Pulse Secure vulnerability patch – CVE-2019-11510, available at Pulse Security Advisory: SA44101 - 2019-04: Out-of-Cycle Advisory: Multiple vulnerabilities resolved in Pulse Connect Secure.
Affected versions of Pulse Connect Secure software include:
- 9.0R1 to 9.0R3.3
- 8.3R1 to 83.R7
- 8.2R1 to 8.2R12
- 8.1R1 to 8.1R15.
Read ACSC’s guidance on how organisations can prepare and respond to a cyber security incident.
Go to the ‘Have I been Pwned?’ website to see if email accounts have been breached.
To report a cybercrime, go to ReportCyber and report it.
To learn more about the OAIC Notifiable Data Breaches scheme, visit the OAIC website.