NSA has a cybersecurity advisory
It says that Pulse SecureTM, Palo Alto GlobalProtectTM, and Fortinet FortigateTM VPN(Virtual Private Network) products have vulnerabilities
3 of them
VPN CVEs being currently exploited include but may not be limited to:
- CVE-2019-11510 and CVE-2019-1153 which allow for remote arbitrary file downloads and remote code execution on Pulse Connect Secure and Pulse Policy Secure gateways;
- CVE-2018-13379 which allows specially crafted HTTP requests to download system files on Fortinet Fortigate devices;
- CVE-2019-1579 which allows remote code execution against Palo Alto GlobalProtect VPNs.
As we have discussed in past a CVE (CVE = Common Vulnerabilities and Exposures ) explains what a potential attack can accomplish on the device and software.
I have said this before, but the ones with ‘remote code execution’ are the most dangerous. Since the attacker can interrupt the software and sometimes take it over(depends on the vulnerability)
It behooves us to review what happens when we are told about vulnerabilities.
Notice that once we know about a vulnerability it has been known by the experts and likely attackers for a while.
So what does it mean when VPN devices are vulnerable? They are on the Internet 24/7 so the attackers will find them and hack them.
Short story: you must patch your devices as soon as possible or you will get hacked.
Test the patch to make sure the patch will not be worse than the vulnerability. then patch the device.
Contact us to discuss.