Patch or Perish: VPN Servers Hit by Ransomware Attackers
On Saturday, Troy Mursch of Chicago-based threat intelligence firm Bad Packets reported that his internet scans have identified 3,825 Pulse Secure VPN servers that remain at risk because they have not been updated with a patch to fix a critical vulnerability, designated CVE-2019-11510.
The patch for Pulse Secure VPN servers - as with critical patches for VPN servers built by Fortinet and Palo Alto that have also required updates to fix serious flaws since last year - has been available for months.
There are organizations that have yet to apply this patch. "We continue to request customers to apply the April patch fix to their VPN systems - this server-side patch does not require updating the client."
Patching of Fortinet servers is also incomplete, with many still remaining vulnerable to CVE-2018-13379 - designated FG-IR-18-384 by the vendor - which enables attackers to easily steal plaintext passwords and usernames from servers.
Bad Packets' Mursch tells ComputerWeekly that Travelex had seven Pulse Secure VPN servers - in Australia, the Netherlands, the U.K. and the U.S. - that it failed to patch against CVE-2019-11510 until November 2019, although he said it had been directly warned before that.
News URL
https://www.inforisktoday.com/patch-or-perish-vpn-servers-hit-by-ransomware-attackers-a-13583
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-08-14 | CVE-2019-1150 | Out-of-bounds Write vulnerability in Microsoft products A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. | 8.8 |
2019-06-04 | CVE-2018-13379 | Path Traversal vulnerability in Fortinet Fortios and Fortiproxy An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests. | 9.8 |
2019-05-08 | CVE-2019-11510 | Path Traversal vulnerability in Ivanti Connect Secure 8.2/8.3/9.0 In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability. | 10.0 |