Rewterz Threat Alert – Unpatched VPN Servers Targeted by Nation-State Attackers

Monday, October 7, 2019



Analysis Summary

Advanced persistent threat actors are continuing their exploit attempts against name-brand VPNs used by organizations around the world. 

Pulse Connect Secure

  • CVE-2019-11510: Pre-auth arbitrary file reading.
  • CVE-2019-11539: Post-auth command injection.


Fortinet

  • CVE-2018-13379: Pre-auth arbitrary file reading.
  • CVE-2018-13380: A cross-site scripting vulnerability.
  • CVE-2018-13382: Allows an unauthenticated attacker to change the password of an SSL VPN web portal user.
  • CVE-2018-13383: Post-auth heap overflow. This allows an attacker to gain a shell running on the router.

Palo Alto

  • CVE-2019-1579: Palo Alto Networks GlobalProtect Portal.


Impact

  • Credential theft
  • Exposure of sensitive information

Affected Vendors

  • Pulse Secure
  • Palo Alto
  • Fortinet

Affected Products

  • Pulse Connect Secure and Pulse Policy Secure VPN
  • Palo Alto GlobalProtect VPN
  • Fortinet Fortigate VPN


Remediation

  • Patch VPN servers and apply necessary updates.
  • Employ multi-factor authentication for users connecting to VPN services.
  • Reset all user and administrator passwords after these vulnerabilities have been patched.
