For Palo Alto, the VPN vulnerability is found in the GlobalProtect portal and GlobalProtect Gateway interface products. The company is aware of the flaw, which was addressed in prior maintenance releases. Without the patch, successful exploitation of the flaw could allow an unauthenticated user to remotely execute arbitrary code.
The vulnerability is found in older models, and the latest platform, PAN-OS 9.0, is not affected.
Organizations should upgrade to the latest versions, officials said. But if that’s not possible, it’s recommended that companies update to the content release 8173, or the latest version. The IT team should also confirm threat prevention is enabled and enforced on all traffic that passes through the impacted VPNs.
A vulnerability is also found in the FortiGuard FortiOS SSL VPN web portal and could allow a remote hacker to download system files through a specially crafted HTTP resource request. The flaw is found in versions 5.6.3 to 5.6.7, as well as versions 6.0.0 to 6.0.4, and only if the SSL VPN web-mode or tunnel mode is enabled.
Organizations can deploy a workaround as a temporary solution, which is to completely disable the SSL-VPN service both in web-mode and tunnel mode. Further, firewall policies tied to SSL VPN will also need to be unset beforehand to successfully achieve the workaround.
Lastly, several vulnerabilities were found and resolved in the Pulse Connect Secure and Pulse Policy Secure VPN applications. The flaw could allow an authentication bypass, which would let an unauthenticated user perform remote arbitrary file access on the gateway.
Another vulnerability was found that would allow remote code execution on these gateways. Officials said that many of the vulnerabilities have been rated critical and pose a significant risk to the VPN deployment. As a result, officials are strongly recommending organizations upgrade to the corresponding version with the provided patch, as soon as possible.
A list of applicable patches can be found here.
The healthcare sector typically leans on VPNs for secure access with their vendors, which means it’s crucial for those organizations to verify if they are using the impacted portals and to upgrade as soon as possible.