Rewterz Threat Alert – Unpatched VPN Servers Targeted by Nation-State Attackers

Monday, October 7, 2019

Severity

High

Analysis Summary

Advanced persistent threat actors are continuing their exploitation attempts against name-brand VPN products used by organizations around the world. The vulnerabilities being targeted are listed below by vendor.

Pulse Connect Secure

  • CVE-2019-11510: Pre-auth arbitrary file reading.
  • CVE-2019-11539: Post-auth command injection.

Fortinet

  • CVE-2018-13379: Pre-auth arbitrary file reading.
  • CVE-2018-13380: A cross-site scripting vulnerability.
  • CVE-2018-13382: Allows an unauthenticated attacker to change the password of an SSL VPN web portal user.
  • CVE-2018-13383: Post-auth heap overflow. This allows an attacker to gain a shell running on the router.

Palo Alto

  • CVE-2019-1579: Palo Alto Networks GlobalProtect Portal.

Impact

  • Credential theft
  • Exposure of sensitive information

Affected Vendors

  • Pulse Secure
  • Palo Alto
  • Fortinet

Affected Products

  • Pulse Connect Secure and Pulse Policy Secure VPN
  • Palo Alto GlobalProtect VPN
  • Fortinet Fortigate VPN

Remediation

  • Patch VPN servers and apply necessary updates.
  • Employ multi-factor authentication for users connecting to VPN services.
  • Reset all user and administrator passwords after these vulnerabilities have been patched.
