- February 12, 2020
TruGrid Cybersecurity News – Feb 2020

Vulnerability in Multiple VPN Applications
The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting multiple Virtual Private Network (VPN) applications. An attacker could exploit this vulnerability to take control of an affected system.
CERT Warning
According to the CERT warning, the following products and versions store the cookie insecurely in log files:
– Palo Alto Networks GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS (CVE-2019-1573).
– Pulse Secure Connect Secure prior to 8.1R14, 8.2, 8.3R6, and 9.0R2.
The following products and versions store the cookie insecurely in memory:
– Palo Alto Networks GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS.
– Pulse Secure Connect Secure prior to 8.1R14, 8.2, 8.3R6, and 9.0R2.
– Cisco AnyConnect 4.7.x and prior.
CERT also warned that unpatched Pulse Secure VPN servers continue to be an attractive target for malicious actors. Affected organizations that have not applied the software patch to fix a remote code execution (RCE) vulnerability, known as CVE-2019-11510, can become compromised in an attack.
VPN Alternatives
In addition to the listed vulnerabilities, many VPN solutions lack multifactor authentication, which can make them more secure. Organizations looking to use RDP or RDS over VPN may consider alternative solutions such as TruGrid SecureRDP, which includes multifactor authentication with push and is much simpler to deploy.
Full CERT and CISA Articles