- A unit of GCHQ discovered vulnerabilities in three VPNs.
- All three vendors have already released security patches.
VPNs are supposed to help maintain your privacy while online, but at least some of them have security issues of their own. The problems are serious enough that a branch of GCHQ, the British spy agency, has issued alerts about them.
The National Cyber Security Centre (NCSC), a unit of GCHQ, has discovered security bugs in a series of VPNs that are being exploited in the wild. According to the warning, the vulnerabilities allowed attackers to get their hands on VPN login credentials. The information could then be used to change VPN configuration settings or gain access to internal infrastructure. Attackers exploiting the discovered bugs could also run secondary exploits to access a root shell.
The affected VPNs come from Pulse Secure, Palo Alto, and Fortinet, so if you have one of their products, you should update immediately.
“This activity is ongoing, targeting both the UK and international organizations. Affected sectors include government, military, academic, business and healthcare,” reads the advisory.
Here are some of the top vulnerabilities the NCSC discovered:
Pulse Connect Secure
- CVE-2018-13379: Pre-auth arbitrary file reading
- CVE-2018-13382: Allows an unauthenticated attacker to change the password of an SSL VPN web portal user.
- CVE-2018-13383: Post-auth heap overflow. This allows an attacker to gain a shell running on the router.
- CVE-2019-1579: Palo Alto Networks GlobalProtect Portal
The NCSC is advising users of these VPN products to investigate their logs for evidence of compromise, especially if it’s possible that patches were not applied immediately after their release. Admins should also look for evidence of compromised accounts in active use.
While the agency gives some fairly specific instructions for checking for these bugs, it also says that the best way to mitigate these vulnerabilities is to apply the latest security patches released by the vendors and to reset the authentication credentials associated with affected VPNs and the accounts connecting through them. Pulse Secure, Palo Alto, and Fortinet have all released patches for the vulnerabilities, so there is no excuse for waiting around here. Always run the updates when available!