Vulnerabilities in virtual private networks (VPN) being exploited

Our advisories highlight current cyber security threats and vulnerabilities in New Zealand, and provide guidance on how to mitigate their impact.

Subscribe to our updates to be notified as soon as we publish an advisory.

1:10pm, 18 October 2019

TLP Rating: Clear

Virtual private network (VPN) vulnerabilities being exploited

Vulnerabilities are being exploited in several widely used virtual private network (VPN) products manufactured by Pulse Secure, Fortinet and Palo Alto.

The vulnerabilities appear to allow an attacker to retrieve arbitrary files, including those containing authentication credentials. An attacker can use these stolen credentials to connect to the VPN and change configuration settings, or connect to further internal infrastructure.

What's happening

Systems affected

The affected VPN products are:

  • Pulse Connect Secure
  • Fortigate
  • Palo Alto
    • Palo Alto GlobalProtect SSL VPN 7.1.x < 7.1.19
    • Palo Alto GlobalProtect SSL VPN 8.0.x < 8.0.12
    • Palo Alto GlobalProtect SSL VPN 8.1.x < 8.1.3

Exploits for the vulnerabilities are publicly available online.

What this means

The vulnerabilities allow potential attackers to retrieve arbitrary files which may also contain authentication credentials. With these credentials, unauthorised parties may be able to connect to the VPN, and in doing so change configuration settings, or connect to the wider network.

What to look for

How to tell if you're at risk

If you’re running unpatched versions of software from these vendors, you are at risk and need to patch immediately.

What to do

Prevention

Patches are available for each vulnerability. CERT NZ strongly recommends all users of these products patch immediately to avoid compromise.

Patches are available for:

NCSC UK also recommends you change your authentication credentials associated with affected VPNs and accounts connecting through them.

More information

NCSC UK advisory on the vulnerabilities External Link

Critical control: Patching External Link

If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.

Report an incident to CERT NZ External Link

For media enquiries, email our media desk at media@mbie.govt.nz or call the MBIE media team on 027 442 2141.