The zero-day vulnerability in Ivanti’s Pulse Connect Secure VPN was previously unknown. Threat actors have continued to leverage multiple techniques to bypass single- and multi-factor authentication on Pulse Secure VPN devices, maintain access via web shells, and establish persistence across updates. The zero-day vulnerability (CVE-2021-22893), in combination with previous vulnerabilities, is being used to extract credentials, use legitimate but modified Pulse Secure binaries, and move laterally within target environments.
Pulse Secure VPN appliances
Upgrade to the latest Pulse Connect Secure server software, version 9.1R.11.4. For more information, see https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/