Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Hackers Target Vulnerabilities in Fortinet, Pulse Secure Products

Recently disclosed vulnerabilities affecting enterprise virtual private network (VPN) products from Fortinet and Pulse Secure have been exploited in the wild, a researcher reported on Thursday.

Recently disclosed vulnerabilities affecting enterprise virtual private network (VPN) products from Fortinet and Pulse Secure have been exploited in the wild, a researcher reported on Thursday.

Researcher Kevin Beaumont said he spotted attempts to exploit the flaws via BinaryEdge. The targeted security holes are CVE-2018-13379, a high-risk path traversal vulnerability in the FortiOS SSL VPN web portal, and CVE-2019-11510, a critical arbitrary file read vulnerability in Pulse Connect Secure.

Both vulnerabilities allow remote, unauthenticated attackers to access arbitrary files on the targeted systems.

Details of the flaws were first disclosed in July by Orange Tsai and Meh Chang of the research team at security consulting firm DEVCORE. The duo discovered many serious vulnerabilities in Fortinet, Palo Alto Networks and Pulse Secure products, and warned that they could be exploited by attackers to infiltrate corporate networks, obtain sensitive information, and eavesdrop on communications.

The researchers also discussed their findings at the Black Hat and DEFCON conferences earlier this month. Several proof-of-concept (PoC) exploits were made public after their presentations.

In Pulse Secure products, the experts found a total of 7 vulnerabilities, including ones that could be combined to achieve remote code execution. Five security holes were found in the FortiGate SSL VPN, including two that could be chained for remote code execution.

The impacted vendors released patches and advisories before the details of the vulnerabilities were made public.

According to Beaumont, CVE-2018-13379 is easy to exploit and it allows an attacker to obtain administrator credentials in plain text. The expert says there are nearly half a million IP addresses associated with Fortinet devices visible online.

Advertisement. Scroll to continue reading.

The first exploitation attempts against Fortinet systems were spotted by Beaumont on August 21 and against Pulse Secure systems on August 22. While so far it appears that someone is only scanning the internet for vulnerable systems, that could change at any time and more malicious payloads may pop up.

Pulse Secure told SecurityWeek that the flaws have been patched since April and customers who have deployed the fix are not vulnerable.

“Pulse Secure publicly provided a patch fix on April 24, 2019 to be immediately applied to the Pulse Connect Secure (VPN). Commencing that day in April, we informed our customers and service providers of the availability and need for the patch as per our Security Advisory– SA44101,” Pulse Secure said.

It added, “Since then, Pulse Secure has notified customers and our reseller partners about the Security Advisory through multiple email notifications and support portal alerts, as well as directly by our customer success managers. Pulse Secure customers have been downloading and applying the patch since its availability on April 24th, 2019. At the time that Pulse Secure developed and released the patch fix, we were not aware of any exploit of this vulnerability.”

SecurityWeek has reached out to Fortinet as well and will update this article if the company responds.

*updated with comments from Pulse Secure

Related: Cisco ASA Flaw Exploited in DoS Attacks

Related: Enterprise VPN Vulnerabilities Expose Organizations to Hacking, Espionage

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...