System4u supports the global implementation of Ivanti Connect Secure, formerly Pulse Secure VPN. We designed, implemented and now support the deployment of seven global Pulse Secure clusters, with 20 gateways running in Microsoft Azure, excluding the China on-site cluster. Pulse Secure is used by nearly 30,000 users, many of whom have more than one device. Multi-factor authentication, Zero Trust and all other modern identity, access and security principles are in place.
Pulse Secure Incident Description
At the end of January 2024, critical security vulnerabilities were identified in the Pulse Secure software.
The privilege escalation vulnerability affected the web component of Ivanti Connect Secure. CVE-2023-46805 and CVE-2024-21887 could be chained in a single attack, allowing a threat actor to compromise the device without authentication. CVE-2024-21893 could also be exploited without authentication, allowing limited access to resources.
System4u’s handling of the incident
1. Immediate action
With continuous support and monitoring, we immediately mitigated the risk by using a temporary workaround. Then we monitored the system, tested it and waited for a fix from the manufacturer.
2. Reset and reinstall
Ivanti recommended deleting/resetting the gateways. That was very nice advice, but it only applied to Pulse Secure hardware devices. Since we deployed Pulse Secure in Microsoft Azure, the only option was to reinstall all 20 gateways and other resources in Azure. On the face of it, it was quite a catastrophic scenario.
But now the effort put into implementation has paid off. Thanks to the implemented processes, tools (Terraform) and recovery testing, we quickly deployed all gateways with the new version.
Conclusion
With a professional implementation and DevSecOps processes in place, we were able to seamlessly recover the entire global infrastructure in a matter of hours. Thanks to the proposed cluster redundancy, there was no interruption of service or impact on users.
And the customer’s reaction?
Hello,
I’d like to share with you some feedback from our leadership.
You have a great team that provides excellent support + flexibility. You achieved perfect results and got our VPN solution back up and running.
Sincerely,
GIS Cyber Security Manager