Rewterz Threat ALert – Unpatched VPN Servers Targeted by Nation-State Attackers - Rewterz

Outdated OS gets ATMs Hacked within minutes

October 7, 2019

Rewterz Threat Alert – Masad Stealer

October 8, 2019

Rewterz Threat ALert – Unpatched VPN Servers Targeted by Nation-State Attackers

Severity

High

Analysis Summary

Advanced persistent threat actors are continuing their exploit attempts against name-brand VPNs used by organizations around the world.

Pulse Connect Secure

CVE-2019-11510: Pre-auth arbitrary file reading.
CVE-2019-11539: Post-auth command injection.

Fortinet

CVE-2018-13379: Pre-auth arbitrary file reading.
CVE-2018-13380: A cross-site scripting vulnerability.
CVE-2018-13382: Allows an unauthenticated attacker to change the password of an SSL VPN web portal user.
CVE-2018-13383: Post-auth heap overflow. This allows an attacker to gain a shell running on the router.

Palo Alto

CVE-2019-1579: Palo Alto Networks GlobalProtect Portal.

Impact

Credential theft
Exposure of sensitive information

Affected Vendors

Pulse Secure
Palo Alto
Fortinet

Affected Products

Pulse Connect Secure and Pulse Policy Secure VPN
Palo Alto GlobalProtect VPN
Fortinet Fortigate VPN

Remediation

Patch VPN servers and apply necessary updates.
Employ multi-factor authentication for users connecting to VPN services.
Reset all user and administrator passwords after these vulnerabilities have been patched.