– Ivanti has released software To update to resolve a critical zero-day authentication bypass vulnerability in the Pulse Connect Secure (PCS) Virtual Private Network (PCS) software recently established by the Department of Homeland Security’s Department of Cybersecurity and Infrastructure warned was actively attacked.
The software update addresses the recently released CVE-2021-22893, which is one of a group of four vulnerabilities currently targeted in an ongoing malicious campaign. Mitigation measures revealed the extremely critical bug as Ivanti continued to work on a patch.
The three other deficiencies, CVE-2019-11510, CVE-2020-8260, and CVE-2020-8243, were fixed in 2019 and 2020, but some companies did not apply the update.
Hackers have been actively combating these shortcomings since June 2020 and …