Cisco and Palo Alto Networks among Victims of VPN Application Rift: Researchers



[ad_1]

The researchers warn that hackers could exploit a VPN application vulnerability present in the products of four cybersecurity vendors, including network market leader CIsco and security solutions provider Palo Alto Networks.

The Carnegie Mellon University CERT Coordination Center discovered that VPN applications built by Cisco, Palo Alto Networks, F5 Networks, and Pulse Secure unsecuredly stored authentication tokens and session cookies in Microsoft. memory or in log files. The cyber security division of the US Department of Homeland Security has issued an alert following the release of the CERT report. Cisco denied being impacted by the loophole.

CERT stated that this vulnerability did not affect the VPN applications of Check Point Software Technologies and pfSense. The status of VPN applications from over 200 other providers remains unknown, however, according to CERT.

If an attacker has persistent access to the endpoint of a virtual private network user or exfilts the cookie by using other methods, he could replay the session and bypass others. authentication methods, according to CERT. An attacker with stolen tokens would have access to the same applications, systems, and company data as legitimate users via their VPN session, said CERT.

[Related: Feds Warn Cybercriminals Are Targeting SAP, Oracle ERP Applications]

CERT stated that Cisco AnyConnect 4.7.x and earlier stored the session cookie incorrectly in memory. A company spokesman, however, told CRN that Cisco had investigated this problem and determined that Cisco AnyConnect was not vulnerable to the problem described in CERT's Vulnerability Note. Cisco's stock is up $ 0.58 (1.03%) to $ 56.18.

CERT also found that Palo Alto Networks GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS0 incorrectly stored the session cookie in memory and log files.

Palo Alto Networks has confirmed that its agent is vulnerable and has encouraged Windows users to update to GlobalProtect Agent 4.1.1 and macOS users to update to GlobalProtect Agent 4.1.11 or later, for which a patch is available .

"Palo Alto Networks follows the coordinated disclosure of vulnerabilities and the security of our customers is of utmost importance to us," said a company spokesperson at CRN. "Once the CERT / CC informed us of a problem concerning several suppliers, we worked with them on the publication schedule of our security advisory."

The action of Palo Alto Networks is down from 1.41 USD (0.57%) to 244.92 USD in trading Friday afternoon.

Similarly, CERT found that Pulse Secure Connect Secure prior to 8.1R14, 8.2, 8.3R6, and 9.0R2 did not correctly store the session cookie in memory and log files.

The company has acknowledged this vulnerability in: Pulse Connect Secure 9.0R1 – 9.0R2, 8.3R1 – 8.3R6 and 8.1R1 – 8.1R13; as well as Pulse Desktop Client 9.0R1 – 9.0R2 and 5.3R1 – 5.3R6, and these clients must upgrade to a fixed version of Pulse Desktop Client or Pulse Connect Secure. Pulse Desktop Client only needs a client-side patch, the company said, and does not require server-side upgrades.

"This vulnerability has already been resolved and Pulse Secure has issued a security advisory," said a Pulse Secure spokesperson.

F5 Networks, for its part, is aware of unsecured memory storage on its BIG-IP APM, BIG-IP Edge Gateway and FirePass products since February 2014, but has never developed a fix. Instead, the company recommended users to rely on a one-time password or two-factor authentication rather than password-based authentication.

With regard to unsecured log storage, F5 Networks has been aware of this problem in its BIG-IP APM system since December 2017 and has solved the problem in versions 12.1.3 and 13.1.0. The company did not respond to a request for additional comment.

[ad_2]

Source link