Security News > 2020 > January > Patch or Perish: VPN Servers Hit by Ransomware Attackers
On Saturday, Troy Mursch of Chicago-based threat intelligence firm Bad Packets reported that his internet scans have identified 3,825 Pulse Secure VPN servers that remain at risk because they have not been updated with a patch to fix a critical vulnerability, designated CVE-2019-11510.
The patch for Pulse Secure VPN servers - as with critical patches for VPN servers built by Fortinet and Palo Alto that have also required updates to fix serious flaws since last year - has been available for months.
There are organizations that have yet to apply this patch. "We continue to request customers to apply the April patch fix to their VPN systems - this server-side patch does not require updating the client."
Patching of Fortinet servers is also incomplete, with many still remaining vulnerable to CVE-2018-13379 - designated FG-IR-18-384 by the vendor - which enables attackers to easily steal plaintext passwords and usernames from servers.
Bad Packets' Mursch tells ComputerWeekly that Travelex had seven Pulse Secure VPN servers - in Australia, the Netherlands, the U.K. and the U.S. - that it failed to patch against CVE-2019-11510 until November 2019, although he said it had been directly warned before that.
News URL
https://www.inforisktoday.com/patch-or-perish-vpn-servers-hit-by-ransomware-attackers-a-13583
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-08-14 | CVE-2019-1150 | Out-of-bounds Write vulnerability in Microsoft products. A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. | 0.0 |
2019-06-04 | CVE-2018-13379 | Path Traversal vulnerability in Fortinet Fortios and Fortiproxy. An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests. | 9.8 |
2019-05-08 | CVE-2019-11510 | Path Traversal vulnerability in Ivanti Connect Secure 8.2/8.3/9.0. In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability. | 10.0 |