The Cybersecurity and Infrastructure Security Agency (CISA) invites you to participate on a call Thursday, April 22, 2021, at 4 pm Eastern addressing yesterday’s release of Emergency Directive 21-03: Mitigate Pulse Secure Product Vulnerabilities and Activity Alert AA21-110A.
Although the Emergency Directive only applies to Federal Civilian Executive Branch agencies, CISA strongly encourages state and local governments, critical infrastructure entities, and other private sector organizations who use Pulse Connect Secure products to review the Emergency Directive and the Activity Alert.
CISA has observed active exploitation of vulnerabilities in Pulse Connect Secure products, a widely used SSL remote access solution. Successful exploitation of these vulnerabilities could allow an attacker to place webshells and other malware on the appliance to gain persistent system access into the appliance operating the vulnerable software. CISA has no knowledge of other affected Pulse Secure products (including the Pulse Secure Access client).
This call will have representatives from CISA, Invanti and Fire Eye to discuss the vulnerability and highlight information we have shared including the Activity Alert and Emergency Directive.