The Australian Signals Directorate’s Australian Cyber Security Centre is aware of a vulnerability that exists in the Pulse Connect Secure Virtual Private Network (VPN) solution.
We advise users to ensure their systems are patched and up to date.
The Pulse VPN Vulnerability, also known as CVE-2019-11510, was initially disclosed in April 2019 but has resurfaced after multiple reports of exploitation and the disclosure of working exploits available for use on Pastebin and GitHub.
CVE-2019-11510 leaves users open to attack from malicious actors who can exploit this vulnerability to read file contents on devices as well as leverage other vulnerabilities to execute commands.
Complacency is a big risk factor, as malicious actors are already using this exploit to great effect in Australia.
The vulnerability is present in the following Pulse Connect Secure versions:
- 9.0R1 to 9.0R3.3
- 8.3R1 to 8.3R7
- 8.2R1 to 8.2R12
- 8.1R1 to 8.1R15
To report a cybercrime, visit cyber.gov.au.
The Australian Cyber Security Centre recommends users of the affected Pulse Connect Secure VPN software immediately upgrade to the corresponding versions as detailed in Pulse Secure Advisory https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/. The Australian Cyber Security Centre will continue to monitor and provide additional updates as required.
If an organisation believes it has been compromised, it should:
- Reset all Remote Access Passwords.
- Check the Pulse Connect Secure VPN logon script configuration to ensure no malicious changes have been made.
- Regenerate certificates for the Pulse Connect Secure VPN device.
The UK National Cyber Security Centre have also released an alert containing information on the exploitation of vulnerabilities in VPNs, including Pulse Connect Secure. Their information and mitigation advice is available at https://www.ncsc.gov.uk/news/alert-vpn-vulnerabilities