
Vulnerabilities in virtual private networks (VPN)

 

Systems Affected


  ✻  Pulse Connect Secure
  ✻  Fortigate
  ✻  Palo Alto
    ↳  Palo Alto GlobalProtect SSL VPN 7.1.x < 7.1.19
    ↳  Palo Alto GlobalProtect SSL VPN 8.0.x < 8.0.12
    ↳  Palo Alto GlobalProtect SSL VPN 8.1.x < 8.1.3

Threat Level


High


Overview


Vulnerabilities allow attackers to steal authentication credentials, and unauthorized parties may be able to connect to the VPN and steal data.


Description


Vulnerabilities exist in the above VPN products which allow an attacker to retrieve arbitrary files, including those containing authentication credentials.
An attacker can use the stolen credentials to connect to the VPN and change configuration settings, or connect to further internal infrastructure. This will ultimately enable the attacker to run secondary exploits targeting internal infrastructure.


Impact


  ✻  Steal VPN credentials.
  ✻  Data and configuration modifications.
  ✻  Connect to internal infrastructure and do more harm.


Solution/Workarounds


  ✻  Update the VPN clients with the latest patches. Patches are available for Pulse Secure, Fortinet and Palo Alto.
  ✻  Change your authentication credentials associated with affected VPNs and accounts connecting through them.
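
To prioritise patching, the Palo Alto version ranges listed under Systems Affected can be checked against an appliance inventory. The script below is an added example, not part of the original advisory; the hostnames, the inventory format and the handling of a "-hN" hotfix suffix are assumptions. It compares version components numerically, because a plain string comparison would wrongly place 7.1.9 above 7.1.19.

```python
import re

# Fixed-release floor per GlobalProtect SSL VPN branch, from the
# "Systems Affected" list: a release on the branch below the floor is affected.
FIXED_FLOOR = {(7, 1): 19, (8, 0): 12, (8, 1): 3}

# major.minor.patch with an optional hotfix suffix such as "-h1" (assumed format).
_VERSION = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:-h\d+)?\s*$")


def classify(version):
    """Return 'affected', 'fixed', 'not-listed' or 'unparsed' for a version string."""
    m = _VERSION.match(version)
    if not m:
        return "unparsed"          # needs manual review, never assume safe
    major, minor, patch = (int(g) for g in m.groups())
    floor = FIXED_FLOOR.get((major, minor))
    if floor is None:
        return "not-listed"        # branch is not covered by this advisory
    return "affected" if patch < floor else "fixed"


def triage(inventory):
    """Map each hostname to the classification of its reported version."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE_INVENTORY = {
    "vpn-gw-01": "8.1.2",
    "vpn-gw-02": "8.1.3",
    "vpn-gw-03": "7.1.9",       # numeric compare: 9 < 19, so affected
    "vpn-gw-04": "8.0.12-h1",
    "vpn-gw-05": "9.0.1",
    "vpn-gw-06": "unknown",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {SAMPLE_INVENTORY[host]} -> {status}")
```

Appliances reported as "affected" need the patch and a credential change as described above; "unparsed" and "not-listed" entries should be checked against the vendor advisory by hand.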


References


  ✻  https://www.ncsc.gov.uk/news/alert-vpn-vulnerabilities


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.