Severity
High
Analysis Summary
Advanced persistent threat actors are continuing their exploit attempts against name-brand VPNs used by organizations around the world.
Pulse Connect Secure
- CVE-2019-11510: Pre-auth arbitrary file reading.
- CVE-2019-11539: Post-auth command injection.
Fortinet
- CVE-2018-13379: Pre-auth arbitrary file reading.
- CVE-2018-13380: A cross-site scripting vulnerability.
- CVE-2018-13382: Allows an unauthenticated attacker to change the password of an SSL VPN web portal user.
- CVE-2018-13383: Post-auth heap overflow. This allows an attacker to gain a shell running on the router.
Palo Alto
- CVE-2019-1579: Palo Alto Networks GlobalProtect Portal.
Impact
- Credential theft
- Exposure of sensitive information
Affected Vendors
- Pulse Secure
- Palo Alto
- Fortinet
Affected Products
- Pulse Connect Secure and Pulse Policy Secure VPN
- Palo Alto GlobalProtect VPN
- Fortinet Fortigate VPN
Remediation
- Patch VPN servers and apply necessary updates.
- Employ multi-factor authentication for users connecting to VPN services.
- Reset all user and administrator passwords after these vulnerabilities have been patched.