Attackers are Targeting Vulnerable Fortigate and Pulse Secure SSL VPNs

Ganesh The Awesome Senior Pre & Post-Sales Engineer at GlobalDots

2nd September, 2019 1 Min read

Attackers are taking advantage of recently released vulnerability details and PoC exploit code to extract private keys and user passwords from vulnerable Pulse Connect Secure SSL VPN and Fortigate SSL VPN installations.

Attackers have been scanning for and targeting two vulnerabilities:

Book a demo today to see GlobalDots is action.

CVE-2019-11510, an arbitrary file reading vulnerability in Pulse Connect Secure
CVE-2018-13379, a path traversal flaw in the FortiOS SSL VPN web portal.

Both vulnerabilities can be exploited remotely by sending a specially crafted HTTPS request, don’t require authentication, and allow attackers to download files/extract sensitive information from the vulnerable servers.

Fixes exist for both: Pulse Secure released them in April and Fortinet in May, months before Devcore researchers Meh Chang and Orange Tsai shared their discovery with the audience at Black Hat USA 2019.

The researchers also released technical details and PoC exploit code for the Fortigate flaw earlier this month and plan to do the same for the Pulse Secure one soon.

A red padlock icon set against a backdrop of binary code and a digital pattern.

Latest Articles

FinOps

Gaming Company SuperPlay Reduces ElastiCache TCO with Strategic Optimization

About the Customer: SuperPlay is a leading Israeli gaming company that develops and publishes mobile games for a global audience. The company specializes in creating engaging social casino and casual gaming experiences, reaching millions of players worldwide. As a technology-driven gaming company, SuperPlay relies on robust cloud infrastructure to deliver seamless gaming experiences to their […]

Itay Tal

1st July, 2025

Web Security

What is an API Security Audit?

In January 2024, a misconfigured API exposed 650,000 private messages. These included passwords and internal communications. No exploit chain. No zero-day. Just a public-facing endpoint with no authentication. This wasn’t an isolated incident. From T-Mobile and Twitter (now X) to Kronos Research and the US Treasury, attackers have consistently used APIs as entry points. They […]

Ganesh The Awesome

26th June, 2025

Web Security

The Ultimate API Security Checklist for 2025

APIs are now the top attack vector in enterprise apps. In 2024 alone, breaches tied to APIs cost an average of $4.88 million, and that number is rising fast. Attackers exploit gaps in API authentication, input validation, and outdated endpoints to compromise systems. Legacy controls no longer suffice, and the OWASP API Top 10 outlines […]

Ganesh The Awesome

26th June, 2025

Web Security

10 API Security Best Practices for 2025

APIs are the backbone of today’s interconnected software. They power everything from mobile apps and SaaS platforms to internal microservices and partner integrations. But their rapid growth has left many security teams flat-footed. In 2025, many attackers prefer to exploit API misconfigurations hiding in plain sight. What used to be fringe cases (token leakage, zombie […]

Ganesh The Awesome

23rd June, 2025

Back to Resources

Unlock Your Cloud Potential