Ivanti has released a security update to address vulnerabilities affecting Pulse Connect Secure (PCS) software outlined in CVE-2021-22893. An attacker could exploit these vulnerabilities to gain system access and take control of an affected system. In response, CISA released AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities on April 20 and added detection information on April 30.
CISA strongly encourages customers using Ivanti Pulse Connect Secure appliances to review the blog post and apply the necessary updates. For additional information, CISA recommends reviewing the following resources and tools below.
- CISA Alert AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities
- Pulse Security Integrity Checker Tool