{"id":7626,"date":"2020-07-19T04:26:03","date_gmt":"2020-07-19T11:26:03","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?p=7626"},"modified":"2023-07-10T14:54:54","modified_gmt":"2023-07-10T21:54:54","slug":"do-vpns-have-our-back","status":"publish","type":"post","link":"https:\/\/10.42.32.162\/articles\/do-vpns-have-our-back\/","title":{"rendered":"How Safe are VPN Solutions?"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"7626\" class=\"elementor elementor-7626\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-412609d0 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"412609d0\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-ed4746c\" data-id=\"ed4746c\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-42ea03ab elementor-widget elementor-widget-text-editor\" data-id=\"42ea03ab\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>\u00a0<\/p><p>In our recent report series\u00a0 called \u2018<a href=\"https:\/\/cybersecurityworks.com\/cyber-risk-series\/\" target=\"_blank\" rel=\"noopener\">Cyber Risk in Working Remotely<\/a>\u2019\u00a0we examined popular VPN applications and their inherent vulnerabilities. This definitive <a href=\"https:\/\/cybersecurityworks.com\/resources\/cyber-risk-series\/cyber-risk-in-vpn.html\" target=\"_blank\" rel=\"noopener\">report <\/a>is an eye-opener for organizations as we analyzed popular applications such as <strong>Fortinet<\/strong>, <strong>Pulse Secure<\/strong>, <strong>Palo Alto<\/strong>, <strong>Check Point<\/strong>, <strong>SonicWall<\/strong>, <strong>OpenVPN<\/strong>, <strong>Citrix<\/strong>, <strong>Cisco and many others<\/strong>\u00a0for vulnerabilities.<\/p><h3><strong>Key Findings<\/strong><\/h3><p>The report provides a comprehensive study of vulnerabilities that exist in popular VPN solutions<\/p><blockquote><ul><li><strong>23<\/strong>\u00a0CVEs are weaponized<\/li><li><strong>17\u00a0<\/strong>CVEs are associated with RCE &amp; Privilege Execution<\/li><li><strong>1<\/strong>\u00a0CVE is associated with a Ransomware\u00a0\u2018Sodinokibi&#8217;<\/li><\/ul><\/blockquote><h3><strong>Vulnerabilities in VPNs<\/strong><\/h3><ul><li>In the past decade (2010 \u2013 2020) over <span style=\"color: #b22222;\"><strong>147<\/strong> <\/span>vulnerabilities (CVE) have been detected across all vendors (that were examined in the report) out of which <span style=\"color: #b22222;\"><strong>23<\/strong> <\/span>are weaponized. Out of the weaponized CVE, <span style=\"color: #b22222;\"><strong>1<\/strong> <\/span>is associated with Ransomware, <span style=\"color: #b22222;\"><strong>5 <\/strong><\/span>with RCE, and <span style=\"color: #b22222;\"><strong>12 <\/strong><\/span>have privilege execution.<\/li><li>According to the Common Vulnerability Scoring System (CVSS &gt;=9), there are <strong><span style=\"color: #b22222;\">12 <\/span><\/strong>critical and <span style=\"color: #b22222;\"><strong>29 <\/strong><\/span>high vulnerabilities that need to be fixed immediately.<\/li><\/ul><p><img decoding=\"async\" style=\"width: 600px; height: 426px;\" src=\"https:\/\/cybersecurityworks.com\/howdymanage\/uploads\/image\/vpn6.png\" alt=\"\" \/><\/p><ul><li>If you are using VPNs from these vendors, here is a heads-up on their vulnerability count. Pulse Secure has over <span style=\"color: #b22222;\"><strong>44 <\/strong><\/span>vulnerabilities in total, of which <span style=\"color: #b22222;\"><strong>4 <\/strong><\/span>are already weaponized and <span style=\"color: #b22222;\"><strong>1 <\/strong><\/span>is associated with a Ransomware, and <span style=\"color: #b22222;\"><strong>2 <\/strong><\/span>have remote code execution capabilities.<\/li><li>Cisco stands second with <span style=\"color: #b22222;\"><strong>43 <\/strong><\/span>vulnerabilities of which <span style=\"color: #b22222;\"><strong>3 <\/strong><\/span>have been weaponized. Fortinet stands in the second position with over <span style=\"color: #b22222;\"><strong>28 <\/strong><\/span>vulnerabilities in total out of which <span style=\"color: #b22222;\"><strong>9 <\/strong><\/span>are already weaponized.<\/li><\/ul><p><img decoding=\"async\" style=\"width: 600px; height: 473px;\" src=\"https:\/\/cybersecurityworks.com\/howdymanage\/uploads\/image\/vpn4.png\" alt=\"\" \/><\/p><ul><li>In terms of priority, Citrix has <span style=\"color: #b22222;\"><strong>4<\/strong><\/span> critical vulnerabilities that need to be fixed, followed by Cisco (<span style=\"color: #b22222;\"><strong>3<\/strong><\/span>), Fortinet (<span style=\"color: #b22222;\"><strong>2<\/strong><\/span>), and Check Point (<strong><span style=\"color: #b22222;\">2<\/span><\/strong>).<\/li><\/ul><p><img decoding=\"async\" style=\"width: 600px; height: 420px;\" src=\"https:\/\/cybersecurityworks.com\/howdymanage\/uploads\/image\/vpn5.png\" alt=\"\" \/><\/p><ul><li>2015 and 2017 have been busy years for threat actors (where weaponization of VPN vulnerabilities are concerned) with a count of <span style=\"color: #b22222;\"><strong>7 <\/strong><\/span>and <span style=\"color: #b22222;\"><strong>8<\/strong><\/span>, respectively.<\/li><\/ul><p style=\"text-align: center;\"><strong>Count of Vulnerabilities that popular scanners missed<\/strong><\/p><table style=\"width: 500px;\" border=\"1\" cellspacing=\"1\" cellpadding=\"1\" align=\"center\"><tbody><tr><td style=\"text-align: center;\">\u00a0<\/td><td style=\"text-align: center;\"><strong>Nessus<\/strong><\/td><td style=\"text-align: center;\"><strong>Nexpose<\/strong><\/td><td style=\"text-align: center;\"><strong>Qualys<\/strong><\/td><\/tr><tr><td style=\"text-align: center;\"><strong>Fortinet<\/strong><\/td><td style=\"text-align: center;\">3<\/td><td style=\"text-align: center;\">3<\/td><td style=\"text-align: center;\">1<\/td><\/tr><tr><td style=\"text-align: center;\"><strong>Cisco<\/strong><\/td><td style=\"text-align: center;\">0<\/td><td style=\"text-align: center;\">3<\/td><td style=\"text-align: center;\">1<\/td><\/tr><tr><td style=\"text-align: center;\"><strong>Total<\/strong><\/td><td style=\"text-align: center;\">3<\/td><td style=\"text-align: center;\">6<\/td><td style=\"text-align: center;\">2<\/td><\/tr><\/tbody><\/table><blockquote><p><strong><span style=\"font-size: 20px;\">The scanners that ought to detect these vulnerabilities are not doing their job!<\/span><\/strong><\/p><\/blockquote><ul><li><strong><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-11510\" target=\"_blank\" rel=\"noopener\">CVE-2019-11510<\/a> <\/strong>(the same vulnerability that led to Travelex breach) still exists in Pulse Secure and it allows unauthenticated remote attackers to perform arbitrary file reading.<\/li><li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-15711\"><strong>CVE-2019-15711<\/strong><\/a> in Fortinet has a PE exploit that allows a user with a low privilege to run system commands under root privilege.<\/li><li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-11539\"><strong>CVE-2019-11539<\/strong><\/a> which exists in Pulse Secure allows an authenticated attacker to inject and execute commands through the admin web interface.<\/li><\/ul><blockquote><p><strong><span style=\"font-size: 18px;\">With popular scan systems not having our back, vigilance is called for. There are <span style=\"color: #b22222;\">124<\/span> vulnerabilities in VPNs that are just waiting to be weaponized.<\/span><\/strong><\/p><\/blockquote><p>Threat actors are moving fast and unless you want to pay a huge ransom for your data or watch it being auctioned, vigilance is called for. Don\u2019t be complacent about installing patches for your scan systems and until these CVS are addressed, we would recommend that you use applications that have a smaller number of vulnerabilities.<\/p><p style=\"text-align: center;\"><span style=\"font-size: 18px;\"><strong>Download the whitepaper <a href=\"https:\/\/cybersecurityworks.com\/resources\/cyber-risk-series\/cyber-risk-in-vpn.html\" target=\"_blank\" rel=\"noopener\">Cyber Risk in VPNs<\/a><\/strong><\/span><\/p><p style=\"text-align: center;\"><a href=\"https:\/\/cybersecurityworks.com\/resources\/cyber-risk-series\/cyber-risk-in-vpn.html\"><img decoding=\"async\" style=\"width: 500px; height: 571px;\" src=\"https:\/\/cybersecurityworks.com\/howdymanage\/uploads\/image\/crs-vpn.png\" alt=\"\" \/><\/a><\/p><p style=\"text-align: center;\">\u00a0<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Travelex fell prey to a ransomware attack (on New Year\u2019s Eve) because they failed to install a patch issued by their VPN &#8211; Pulse Secure. How safe are our VPNs? Let&#8217;s find out.<\/p>\n","protected":false},"author":1,"featured_media":7627,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":""},"categories":[138,80,109],"tags":[220,371,91,370,106,139],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/posts\/7626"}],"collection":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/comments?post=7626"}],"version-history":[{"count":7,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/posts\/7626\/revisions"}],"predecessor-version":[{"id":18775,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/posts\/7626\/revisions\/18775"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/media\/7627"}],"wp:attachment":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/media?parent=7626"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/categories?post=7626"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/tags?post=7626"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}