Vulnerability Watch

Forum Discussion

snarang
Product Team
6 years ago

FortiGate and Pulse Connect Secure SSL VPNs Are Being Targeted by Attackers

Researchers Meh Chang and Orange Tsai from DEVCORE gave a presentation at Black Hat on August 7 and published the second of three blog posts on August 8 about multiple vulnerabilities in popular Secure Socket Layer (SSL) Virtual Private Network (VPN) solutions used by many organizations across the globe. Their first foray into this research was revealed back in July, when the researchers disclosed CVE-2019-1579, a vulnerability in the Palo Alto Networks GlobalProtect SSL VPN.

On August 22, two separate reports [1, 2] identified attempts by attackers to probe for vulnerable FortiGate and Pulse Connect Secure SSL VPNs. Attackers were probing for two arbitrary file read vulnerabilities, CVE-2019-13379 (FortiGate) and CVE-2019-11510 (Pulse Connect Secure).

Proof-of-concept and exploit scripts have since become available, enabling attackers to utilize these exploits with malicious intent.

For more details about the vulnerabilities, including available patches for each product, please check out our blogs on the FortiGate vulnerabilities and Pulse Connect Secure vulnerabilities.

2 Replies

  • Anonymous

    Thanks really information