In a published announcement, the National Security Agency (NSA) has warned against the threats of using certain Virtual Private Network (VPN) services, stating that they have been “weaponized” by Nation-State Persistent Threat (APT) actors. The announcement gave a list of the compromised VPN services as well as the required steps to patch the vulnerabilities.
The first compromised service was the Pulse Secure VPN client. The NSA states that the vulnerabilities in Pulse Secure were first identified in April this year.
The NSA gave the following description of the vulnerabilities: “these vulnerabilities allow for remote arbitrary file downloads and remote code execution on Pulse Connect Secure and Pulse Policy Secure gateways. Other vulnerabilities in the series allow for interception or hijacking of encrypted traffic sessions.”
The agency also stated that the exploits can be found freely in public Github and Metasploit repositories. A table containing the affected versions and patch recommendations can be found in the original announcement.
Two other VPN services were identified by the NSA as having vulnerabilities. Palo Alto VPN was affected that allows attackers to execute code remotely, and Fortinet FortiGate VPN claims to be experiencing “active exploitation.”
The NSA also gave an exhaustive resource list for VPN service providers to harden and protect their network layer against future attacks.