State-sponsored advanced persistent threat (APT) groups are using flaws in outdated VPN technologies from Palo Alto Networks, Fortinet and Pulse Secure to carry out cyber attacks on targets in the United States and overseas, warned U.S. and U.K. officials.
The National Security Agency (NSA) issued a
Cybersecurity Advisory Monday about the threats and offered mitigation suggestions, warning that multiple APT actors have weaponized three critical vulnerabilities first published in August–
CVE-2019-11539,
CVE-2019-11510 and
CVE-2018-13379–to gain access to vulnerable VPN devices. The first two affect Pulse Secure VPNs while the third affects Fortinet technology.
The National Cyber Security Centre in the United Kingdom posted
a separate warning about the threats, which stem from vulnerabilities that allow “an attacker to retrieve arbitrary files, including those containing authentication credentials,” according to the post.
The flaws allow an attacker to use those stolen credentials to connect to the VPN and change configuration settings or even connect to other infrastructure on the network, authorities warned. Through this unauthorized connection, an attacker could gain privileges to run secondary exploits that could allow them to access a root shell.
threatpost.com
![[correlate]](/data/avatars/s/79/79653.jpg?1556985072){kind=avatar}