
SecurityWeek


Hackers Target Vulnerabilities in Fortinet, Pulse Secure Products

Recently disclosed vulnerabilities affecting enterprise virtual private network (VPN) products from Fortinet and Pulse Secure have been exploited in the wild, a researcher reported on Thursday.

Researcher Kevin Beaumont said he spotted attempts to exploit the flaws via BinaryEdge. The targeted security holes are CVE-2018-13379, a high-risk path traversal vulnerability in the FortiOS SSL VPN web portal, and CVE-2019-11510, a critical arbitrary file read vulnerability in Pulse Connect Secure.

Both vulnerabilities allow remote, unauthenticated attackers to access arbitrary files on the targeted systems.

Details of the flaws were first disclosed in July by Orange Tsai and Meh Chang of the research team at security consulting firm DEVCORE. The duo discovered many serious vulnerabilities in Fortinet, Palo Alto Networks and Pulse Secure products, and warned that they could be exploited by attackers to infiltrate corporate networks, obtain sensitive information, and eavesdrop on communications.

The researchers also discussed their findings at the Black Hat and DEFCON conferences earlier this month. Several proof-of-concept (PoC) exploits were made public after their presentations.

In Pulse Secure products, the experts found a total of 7 vulnerabilities, including ones that could be combined to achieve remote code execution. Five security holes were found in the FortiGate SSL VPN, including two that could be chained for remote code execution.

The impacted vendors released patches and advisories before the details of the vulnerabilities were made public.

According to Beaumont, CVE-2018-13379 is easy to exploit and it allows an attacker to obtain administrator credentials in plain text. The expert says there are nearly half a million IP addresses associated with Fortinet devices visible online.

The first exploitation attempts against Fortinet systems were spotted by Beaumont on August 21 and against Pulse Secure systems on August 22. While so far it appears that someone is only scanning the internet for vulnerable systems, that could change at any time and more malicious payloads may pop up.

Pulse Secure told SecurityWeek that the flaws have been patched since April and customers who have deployed the fix are not vulnerable.

“Pulse Secure publicly provided a patch fix on April 24, 2019 to be immediately applied to the Pulse Connect Secure (VPN). Commencing that day in April, we informed our customers and service providers of the availability and need for the patch as per our Security Advisory – SA44101,” Pulse Secure said.

It added, “Since then, Pulse Secure has notified customers and our reseller partners about the Security Advisory through multiple email notifications and support portal alerts, as well as directly by our customer success managers. Pulse Secure customers have been downloading and applying the patch since its availability on April 24th, 2019. At the time that Pulse Secure developed and released the patch fix, we were not aware of any exploit of this vulnerability.”

SecurityWeek has reached out to Fortinet as well and will update this article if the company responds.

*updated with comments from Pulse Secure

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
