1:10pm, 18 Oct 2019

TLP Rating: White

Virtual private network (VPN) vulnerabilities being exploited

Vulnerabilities are being exploited in several widely used virtual private network (VPN) products manufactured by Pulse Secure, Fortinet and Palo Alto.

The vulnerabilities appear to allow an attacker to retrieve arbitrary files, including those containing authentication credentials. An attacker can use these stolen credentials to connect to the VPN and change configuration settings, or connect to further internal infrastructure.