New security flaws discovered in three popular corporate VPN tools by researchers at Devcore could allow attackers to steal confidential information directly from companies' networks.
The firm's Orange Tsai and Meh Chang first discovered the security flaws which affect corporate VPNs from Palo Alto Networks, Fortinet and Pulse Secure.
While consumers utilize VPNs to bypass region blocks and to protect their privacy online, business users often use the services to access resources on their organization's corporate network while working remotely. Typically companies provide their staff with a corporate username and password along with a two-factor authentication code to access their networks using a VPN.
- Turbo VPN is the fastest growing mobile VPN
- How to make money from a VPN
- ExpressVPN ups simultaneous VPN connections to five
However, according to Chang and Tsai, the flaws they discovered could allow an attacker to gain access to a company's network without the need for a username or password.
By using an SSL VPN business users have a convenient way to connect to corporate networks while out of the office but they also provide hackers with an easy way to infiltrate a company's intranet according to Tsai who explained how they can be misused further in a blog post, saying:
“SSL VPNs protect corporate assets from Internet exposure, but what if SSL VPNs themselves are vulnerable? They’re exposed to the Internet, trusted to reliably guard the only way to your intranet. Once the SSL VPN server is compromised, attackers can infiltrate your Intranet and even take over all users connecting to the SSL VPN server!”
The researchers offered further insight on the format string flaw which affects Palo Alto's GlobalProtect portal and GlobalProtect Gateway products in their post. The remote code execution flaw (indexed as CVE-2019-1579) exists in the PAN SSL Gateway and could enable unauthenticated threat actors to remotely execute arbitrary code on target systems if exploited.
Only older versions of the software are affected by the vulnerability but Devcore found that many businesses, including Uber, are still using the outdated software. For example, the researchers found that 22 of Uber's servers were still using a vulnerable version of GlobalProtect.
Palo Alto Networks has alerted its customers regarding the issue in an advisory in which it urged them to update their software to the latest version while Fortinet has updated its firmware to address the vulnerability. Pulse Secure on the other hand, released a patch in April to address the issue.
- We've also highlighted the best VPN services of 2019