CISA Issues Emergency Directive Addressing Pulse Connect Secure Vulnerability

The Cybersecurity and Infrastructure Security Agency has released an emergency directive in response to the active exploitation of vulnerabilities in certain Pulse Connect Secure products that could allow remote code execution.

ED 21-03 instructs affected agencies to mitigate any anomalous activity or active network exploitation by using the Pulse Connect Secure Integrity Tool. The solution allows users to check the integrity of their file systems and detect hash mismatch errors, CHIPS Magazine reported Thursday.

CISA tells agencies to continue running the tool every 24 hours if it does not detect any mismatch of hashes on an initial check.

If mismatches or new files are discovered, agencies have to immediately isolate the affected appliance from their network and report the incident to CISA.

The agency directs agencies to adopt these measures until Pulse Security releases a patch addressing the vulnerabilities.

Pulse Connect Secure products are widely used to obtain SSL remote access.

According to CISA, cyber actors can exploit the vulnerabilities to place webshells, which are pieces of code that enable remote administration, on an appliance operating the vulnerable software.

An accompanying activity alert issued by CISA noted that known webshells allow for authentication bypass, multi-factor authentication bypass, password logging and persistence through patching.

The Center for Internet Security warned that successful cyber actors could be able to view, change or delete data, install programs or create new accounts with full user rights.

CISA did not disclose the agencies affected by the flaw but FCW reported that Pulse Secure’s parent company, Ivanti, currently holds contracts with the Department of Defense, the Coast Guard and the Bureau of the Fiscal Service.

Sign Up Now! Potomac Officers Club provides you with Daily Updates and News Briefings about Cybersecurity

Join Us Now