The The Transform Technology Summits begin October 13 with Low-Code / No Code: Enabling Enterprise Agility. Register now!
The vulnerabilities of SSL VPN products are among the most exploited by attackers for initial access to target networks, acting as a gateway to exploitation. Earlier this year, Tenable research named three VPN vulnerabilities as part of its top five vulnerabilities for 2020. Although all three vulnerabilities (CVE-2019-19781, CVE-2019-11510, CVE-2018-13379) were disclosed in 2019 and fixed by January 2020, they continue to be routinely operated for more than half of 2021.
Based on Tenable Research’s analysis of vendor reviews, government warnings, and industry data, the team reexamined how attackers have historically exploited these vulnerabilities, along with new reports of attacks, in 2021.
Several threat groups are known to exploit CVE-2019-19781 – a path or directory traversal flaw in Citrix ADC, Gateway and SD-WAN WANOP products to target the healthcare industry. More recently, attackers indicated their preference for this vulnerability in online forums between January 2020 and March 2021 because it was the above mentioned CVE on the dark web forums in Russian and English.
In April 2019, Pulse Secure released an out-of-band security advisory to address multiple vulnerabilities in its Pulse Connect Secure SSL VPN solution. Most notable, CVE-2019-11510, an arbitrary file disclosure vulnerability was assigned a maximum CVSSv3 score of 10.0. Fast forward to Q1 2021 – a report from Nuspire show A 1,527% increase in attempts to exploit CVE-2019-11510 against vulnerable Secure Pulse Connect SSL VPNs. There is also at least 16 malware families that have been developed to exploit vulnerabilities in Pulse Connect Secure.
In May 2019, Fortinet fixed a directory traversal vulnerability in its FortiOS SSL VPN, which allows an unauthenticated attacker to access arbitrary system files using specially crafted HTTP requests. Now attacks exploiting the bug increase 1.916% in the first quarter of 2021. Even further, an April report of Kaspersky ICS CERT revealed that threat actors were using it as an entry point into a corporate network to deploy Cring ransomware.
Since SSL VPNs provide a virtual gateway to organizations, ransomware groups will continue to target these unpatched vulnerabilities until organizations take action to strengthen these entry points by patching vulnerabilities in SSL VPN products. .
Read it full reportt by Tenable Research.
VentureBeat’s mission is to be a digital public place for technical decision-makers to learn about transformative technology and conduct transactions. Our site provides essential information on data technologies and strategies to guide you in managing your organizations. We invite you to become a member of our community, to access:
- up-to-date information on the topics that interest you
- our newsletters
- Closed thought leader content and discounted access to our popular events, such as Transform 2021: Learn more
- networking features, and more
Become a member