Last week, the UK’s National Cyber Security Centre (NCSC) reported that
The CVE-2018-13379 is a path traversal vulnerability in the FortiOS SSL VPN web portal that could be exploited by an unauthenticated attacker to download FortiOS system files. The CVE-2018-13379 flaw could be exploited to obtain administrator credentials in plain text.
The CVE-2019-11510 flaw in Pulse Connect Secure is a critical arbitrary file read vulnerability.
APT groups also exploit CVE-2018-13382, CVE-2018-13383, and CVE-2019-1579, in Palo Alto Networks products.
The vulnerabilities were first reported in July by researchers Orange Tsai and Meh Chang from DEVCORE that found several flaws in Fortinet, Palo Alto Networks and Pulse Secure products. The issues could be exploited by threat actors to access corporate networks and steal sensitive documents
Microsoft researchers recently reported that the APT5
Now NSA is warning of multiple state-sponsored
“Multiple Nation State Advanced Persistent Threat (APT) actors have
“If a malicious actor previously exploited the vulnerability to collect legitimate credentials, these credentials would still be valid after patching.
Both NCSC or NSA intelligence agencies confirmed that APT groups targeted several sectors, including military, government, academic, business and healthcare. The security advisories published by the agencies did not name any APTs leveraging the above VPN vulnerabilities.
(SecurityAffairs – VPN vulnerabilities, hacking)