Reset Search
 

 

Article

KB44764 - Customer FAQ: PCS Security Integrity Tool Enhancements

« Go Back

Information

 
Last Modified Date3/29/2021 11:03 AM
Synopsis

Customer FAQ: PCS Security Integrity Tool Enhancements


This article summarizes responses to frequently asked questions on PCS Security Integrity Tool Enhancements
Problem or Goal
Cause
Solution

Q1 : How do I know if I’m impacted? 

A: At this time, we believe the impact to be limited to a few specifically targeted customers via attempts to exploit vulnerabilities outlined in two security advisories that were patched in 2019 and 2020: Security Advisories SA44101 and SA44601. To verify whether or not your Pulse Connect Secure appliance is secure, we recommend: 

  • Utilizing the Ivanti Integrity Checker Tool to verify no changes have been made to the system.  

  • Review your logs for unusual authentications to the environment.  

  • We also recommend updating with the latest security enhancements which will be released on March 31, which includes the security integrity checker alert system and additional, proactive security features to help prevent future attacks against the platform. 

 

Q2: If I am impacted, what steps should I take to secure my system?

A: If a threat actor has been successful in leveraging a vulnerability addressed in Security Advisories SA44101 and SA44601 to obtain credentials, it’s possible that these credentials could be used to gain unauthorized access to your network. We highly recommend engaging a forensic provider to help you fully understand the impact to your system.  
 
Your Pulse Secure Support Representative can assist you in capturing forensic information as desired. 

 
After preservation, you can remediate your Pulse Secure appliance by:  

  1. Disabling the external-facing interface.  

  1. Saving the system and user config. 

  1. Performing a factory reset.  
    For more information refer KB22964 (How to factory reset the PCS)

  1. Updating the appliance to the newest version. 

  1. Re-import the saved config.   

  1. Re-enable the external interface.  

We also highly recommend resetting all passwords in the environment and reviewing the configuration to ensure no service accounts can be used to authenticate to the vulnerability. As a reminder, Pulse Connect Secure supports several different Multi-Factor Authentication mechanisms to further secure accounts against unauthorized access. 

9.1R11.1 Pulse Connect Secure Release is available from the Download Center at https://my.pulsesecure.net.  
For instructions to download software, please refer to KB40028 - [Customer Support Tools] How to download software / firmware for Pulse Secure products using the Licensing & Download Center at my.pulsesecure.net


Q3: If we (customer) are using MFA, do we need to change passwords? 

A: Yes, password changes are necessary, as recommended above.

 

Q4: If impacted, what is the attacker able to gain access to? Should we assume that our system is under attack now?    

A: We are aware of only a limited number of impacted customers. If you are impacted we highly recommend that you engage a forensic provider to investigate the potential harm to your network.   

   

Q5: What is Ivanti doing to protect against future attacks of this kind?   

A: Ivanti continues to partner and work closely with customers, law enforcement, and security firms to help ensure the security of its customers. The information sharing has helped us to develop the Ivanti Integrity Checker Tool and other security enhancements to help make the system more resilient to the on-going attempts by advanced threat actors to attack organizations.   
 

The Ivanti Product Security Incident Response Team (PSIRT) has introduced a new tool to enhance your ability to ensure the full integrity of your Pulse Connect Secure software. Please visit our quick start guide below:

KB44755 - Pulse Connect Secure (PCS) Integrity Assurance


Customer Contact Information  

We encourage you to reach out to the Pulse Secure Support center which is available 24/7: +1-844-751-7629 or engage your support representative https://support.pulsesecure.net/support/support-contacts/.     

Related Links
Attachment 1 
Created ByNita Joseph

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255