The table below provides details of the following products:
Pulse Connect Secure | Not Applicable |
Pulse Policy Secure | Not Applicable |
PulseOne | Not Applicable |
Pulse Secure vADC | Not Applicable |
Drovorub is a Linux malware toolset. This is not a vulnerability. For further protection, Pulse Secure recommends the following steps:
- Upgrade VPNs and network devices used to remote into work environments to the latest supported versions.
- Use strong passwords or implement multi-factor authentication (MFA) Authentication.
- Increase your company’s remote access security tasks: log review, threat detection, and incident response & recovery.
- Customer using vTM can enable "Restricting Access" and "SSH intrusion protection" for vTM Devices.
Exploitation
Pulse Secure PSIRT is not aware of any malicious use of this malware against Pulse Secure products.
LEGAL DISCLAIMER
- THIS ADVISORY IS PROVIDED ON AN “AS IS” BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. USE OF THIS INFORMATION FOUND IN THIS ADVISORY OR IN MATERIALS LINKED HEREFROM IS AT THE USER’S OWN RISK. PULSE SECURE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS ADVISORY AT ANY TIME.
- A STANDALONE COPY OR PARAPHRASE OF THE TEXT OF THIS ADVISORY THAT OMITS THE DISTRIBUTION URL IS AN UNCONTROLLED COPY AND MAY OMIT IMPORTANT INFORMATION OR CONTAIN ERRORS. THE INFORMATION IN THIS ADVISORY IS INTENDED FOR END USERS OF PULSE SECURE PRODUCTS.
Document History:August 19, 2020 - Initial advisory posted.