Pulse Connect Secure critical vulnerability under exploitation

Source: NCSC-FI (Finland)
Link: https://www.kyberturvallisuuskeskus.fi/en/haavoittuvuus_12/2021
Published: 2021-04-22

Summary

Pulse Secure released out-of-cycle mitigation tool on April 20, 2021 for critical remote access vulnerability. The vulnerability is being actively exploited and must be addressed immediately.

Key Points

• Vendor: Pulse Secure
• Affected: Pulse Connect Secure remote access products
• Release date: April 20, 2021
• Release type: Out-of-cycle (emergency)
• Severity: Critical
• Exploitation status: Active exploitation
• Action required: Immediate mitigation

Impact

Active exploitation of VPN infrastructure vulnerabilities enables attackers to breach perimeter defenses. The out-of-cycle release indicates exceptional severity requiring urgent response.