High Threat Security Alert (A19-08-05): Multiple Vulnerabilities in Fortinet and Pulse Secure Products


 

Published on: 27 August 2019

  
  

Description:

Fortinet and Pulse Secure released security advisories to address the vulnerabilities in their SSL VPN services.  An unauthenticated remote attacker could exploit the vulnerabilities by sending a specially crafted HTTP request to an affected system.

Reports indicate that active exploitation and mass scanning activities against the vulnerabilities in SSL VPN services (CVE-2018-13379 and CVE-2019-11510) have been observed. Users are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

 

Affected Systems:

  • Fortinet products running FortiOS version 5.6.3 to 5.6.7
  • Fortinet products running FortiOS version 6.0.0 to 6.0.4
  • Pulse Connect Secure 8.1R1 to 8.1R15
  • Pulse Connect Secure 8.2R1 to 8.2R12
  • Pulse Connect Secure 8.3R1 to 8.3R7
  • Pulse Connect Secure 9.0R1 to 9.0R3.3
  • Pulse Policy Secure 5.1R1 to 5.1R15
  • Pulse Policy Secure 5.2R1 to 5.2R12
  • Pulse Policy Secure 5.3R1 to 5.3R12
  • Pulse Policy Secure 5.4R1 to 5.4R7
  • Pulse Policy Secure 9.0R1 to 9.0R3.3

 

Impact:

Successful exploitation of the vulnerabilities could lead to credential leakage, information disclosure and arbitrary code execution on an affected system.

 

Recommendation:

To mitigate the risks, system administrators are advised to take the following action immediately:

  1. Patch the affected systems as mentioned in the Fortinet (FG-IR-18-384) and Pulse Secure (SA44101) security advisories.

  2. If for any reasons the patch could not be applied immediately, disable the SSL-VPN service as a stop-gap measure until the vulnerable systems have been patched.

  3. Since proof-of-concept (PoC) exploits are publicly available and known to capture the vulnerable VPN's password file, change the VPN device's passwords in case of any suspicious incoming request like that below is received:
    "https://sslmgr/remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"
    If you are not so sure, for the sake of prudence, please change the passwords anyway.

 

More Information:

https://fortiguard.com/psirt/FG-IR-18-384
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13379
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11507 (to CVE-2019-11510)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11538 (to CVE-2019-11543)

 



Tag: Fortinet , FortiOS , Pulse Secure , Pulse Connect Secure , Pulse Policy Secure
Tags