1:10pm, 18 Oct 2019
TLP Rating: White
Virtual private network (VPN) vulnerabilities being exploited
Vulnerabilities are being exploited in several widely used virtual private network (VPN) products manufactured by Pulse Secure, Fortinet and Palo Alto.
The vulnerabilities appear to allow an attacker to retrieve arbitrary files, including those containing authentication credentials. An attacker can use these stolen credentials to connect to the VPN and change configuration settings, or connect to further internal infrastructure.