Alert - Continued threat actor exploitation post Pulse Secure VPN patching (CISA)

Number: AL20-012
Date: 16 April 2020


The Cybersecurity and Infrastructure Security Agency (CISA), the United States’ agency responsible for protecting its critical infrastructure from physical and cyber threats, has produced an update to its January 2020 Alert regarding CVE-2019-11510, an arbitrary file reading vulnerability affecting Pulse Secure virtual private network (VPN) appliances. The Cyber Centre would like to highlight the updated Alert, as it provides important new information to system owners and operators responsible for defending their systems and networks from cyber threats. The Cyber Centre previously reported on this vulnerability in September 2019; the updated CISA Alert contains additional information describing post-compromise activity, related IOCs, and a detection tool.

The CISA Alert(AA20-107A) can be found at:

Should activity matching the content of either of these Alerts be discovered, recipients are encouraged to contact the Cyber Centre by email ( or by telephone (1-833-CYBER-88 or 1-833-292-3788).


Initial CISA Alert on Pulse Secure VPN vulnerability (AA20-010A):

Vulnerabilities exploited in VPN products used worldwide (NCSC Alert):
Cyber Centre Alert on Active Exploitation of VPN Vulnerabilities (AL19-016):


The Canadian Centre for Cyber Security (Cyber Centre) operates as part of the Communications Security Establishment.  We are Canada's national authority on cyber security and we lead the government's response to cyber security events. As Canada's national computer security incident response team, the Cyber Centre works in close collaboration with government departments, critical infrastructure, Canadian businesses and international partners to prepare for, respond to, mitigate, and recover from cyber events. We do this by providing authoritative advice and support, and coordinating information sharing and incident response. The Cyber Centre is outward-facing, welcoming partnerships that help build a stronger, more resilient cyber space in Canada.

Report a problem on this page

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, please contact us.

Date modified: