
Rewterz Threat Alert – Vulnerable Corporate VPNs Exploited in the Wild

October 18, 2019

Severity

High

Analysis Summary

Nation-state attackers have recently targeted vulnerable VPN servers, exploiting vulnerabilities in the VPN products of renowned global brands. Advanced Persistent Threat groups continue to exploit these vulnerabilities on a mass scale.

CVE-2019-11510

In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to read arbitrary files on the device. This includes access to databases that the VPN server uses to track sessions, cleartext credentials, and NTLM hashes.
It should be noted that 2FA will not prevent an attacker from hijacking a valid authenticated session. Moreover, credentials stored in these databases must be changed immediately, as the attackers are actively using them to attempt to connect to other resources that may not require 2FA.

Read more on ‘How VPNs can be exploited by attackers’.

Impact

  • Unauthorized network access
  • Session takeover
  • Remote code execution
  • 2FA bypass
  • Exploitation of stolen credentials

Affected Vendors

Pulse Secure

Affected Products

  • Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1
  • Pulse Secure Pulse Connect Secure (PCS) 8.3 before 8.3R7.1
  • Pulse Secure Pulse Connect Secure (PCS) 9.0 before 9.0R3.4

Remediation

  • Block the threat indicators at their respective controls.
  • Upgrade to a non-vulnerable version of the Pulse Secure VPN software.
  • All credentials used on the system, both locally stored and from remote authentication sources, should be reset/changed immediately.
  • Any multi-factor authentication API keys that may have been stored on the device should also be reset.
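
To act on the upgrade step, the affected ranges listed under Affected Products can be checked against an appliance inventory. The following is an added example, not code from Rewterz or Pulse Secure; the version-string shape, the function names and the sample inventory are assumptions.

```python
import re

# First fixed build per branch, taken from the advisory's affected ranges.
FIXED = {
    (8, 2): (12, 1),  # 8.2 before 8.2R12.1
    (8, 3): (7, 1),   # 8.3 before 8.3R7.1
    (9, 0): (3, 4),   # 9.0 before 9.0R3.4
}

# Assumed shape: <major>.<minor>R<release>[.<patch>], e.g. "8.3R7.1".
_VERSION = re.compile(r"^\s*(\d+)\.(\d+)R(\d+)(?:\.(\d+))?\s*$", re.IGNORECASE)


def parse_pcs_version(text):
    """Return ((major, minor), (release, patch)); raise ValueError if malformed."""
    m = _VERSION.match(text)
    if not m:
        raise ValueError(f"unrecognised PCS version string: {text!r}")
    # Assumption: a missing patch component ("9.0R4") means patch 0.
    patch = int(m[4]) if m[4] is not None else 0
    return (int(m[1]), int(m[2])), (int(m[3]), patch)


def cve_2019_11510_status(text):
    """Classify a version string as 'affected', 'fixed' or 'not-listed'."""
    branch, build = parse_pcs_version(text)
    fixed = FIXED.get(branch)
    if fixed is None:
        return "not-listed"  # branch is not named in the advisory
    # Integer tuples, not strings: "8.2R9.0" must sort below "8.2R12.1".
    return "affected" if build < fixed else "fixed"


def triage(inventory):
    """Map host -> status; unparseable versions are flagged, never skipped."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = cve_2019_11510_status(version)
        except ValueError:
            result[host] = "unparseable"
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {"vpn-a.example.internal": "8.2R9.0", "vpn-b.example.internal": "9.0R3.4",
          "vpn-c.example.internal": "8.1R15.1", "vpn-d.example.internal": "unknown"}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `not-listed` or `unparseable` need manual review against the vendor's guidance, since the advisory names only the three branches above.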