Number: AL20-012
Date: 16 April 2020
ASSESSMENT
The Cybersecurity and Infrastructure Security Agency (CISA), the United States’ agency responsible for protecting its critical infrastructure from physical and cyber threats, has produced an update to its January 2020 Alert regarding CVE-2019-11510, an arbitrary file reading vulnerability affecting Pulse Secure virtual private network (VPN) appliances. The Cyber Centre would like to highlight the updated Alert, as it provides important new information to system owners and operators responsible for defending their systems and networks from cyber threats. The Cyber Centre previously reported on this vulnerability in September 2019; the updated CISA Alert contains additional information describing post-compromise activity, related IOCs, and a detection tool.
The CISA Alert(AA20-107A) can be found at:
https://www.us-cert.gov/ncas/alerts/aa20-107a
Should activity matching the content of either of these Alerts be discovered, recipients are encouraged to contact the Cyber Centre by email (contact@cyber.gc.ca) or by telephone (1-833-CYBER-88 or 1-833-292-3788).
REFERENCES
Initial CISA Alert on Pulse Secure VPN vulnerability (AA20-010A):
https://www.us-cert.gov/ncas/alerts/aa20-010a
Vulnerabilities exploited in VPN products used worldwide (NCSC Alert):
https://cyber.gc.ca/en/alerts-advisories/vulnerabilities-exploited-vpn-products-used-worldwide-ncsc-alert
Cyber Centre Alert on Active Exploitation of VPN Vulnerabilities (AL19-016):
https://cyber.gc.ca/en/alerts-advisories/active-exploitation-vpn-vulnerabilities-0
NOTE TO READERS
The Canadian Centre for Cyber Security (Cyber Centre) operates as part of the Communications Security Establishment. We are Canada's national authority on cyber security and we lead the government's response to cyber security events. As Canada's national computer security incident response team, the Cyber Centre works in close collaboration with government departments, critical infrastructure, Canadian businesses and international partners to prepare for, respond to, mitigate, and recover from cyber events. We do this by providing authoritative advice and support, and coordinating information sharing and incident response. The Cyber Centre is outward-facing, welcoming partnerships that help build a stronger, more resilient cyber space in Canada.