Attackers are Targeting Vulnerable Fortigate and Pulse Secure SSL VPNs

Ganesh The Awesome Senior Pre & Post-Sales Engineer at GlobalDots

2nd September, 2019 1 Min read

Attackers are taking advantage of recently released vulnerability details and PoC exploit code to extract private keys and user passwords from vulnerable Pulse Connect Secure SSL VPN and Fortigate SSL VPN installations.

Attackers have been scanning for and targeting two vulnerabilities:

How One AI-Driven Media Platform Cut EBS Costs for AWS ASGs by 48%

CVE-2019-11510, an arbitrary file reading vulnerability in Pulse Connect Secure
CVE-2018-13379, a path traversal flaw in the FortiOS SSL VPN web portal.

Both vulnerabilities can be exploited remotely by sending a specially crafted HTTPS request, don’t require authentication, and allow attackers to download files/extract sensitive information from the vulnerable servers.

Fixes exist for both: Pulse Secure released them in April and Fortinet in May, months before Devcore researchers Meh Chang and Orange Tsai shared their discovery with the audience at Black Hat USA 2019.

The researchers also released technical details and PoC exploit code for the Fortigate flaw earlier this month and plan to do the same for the Pulse Secure one soon.

A red padlock icon set against a backdrop of binary code and a digital pattern.

Latest Articles

Web Security

Three Ways CISOs Can Combat Emerging Threats in 2025

73% of CISOs fear a material cyberattack in the next 12 months, with over three-quarters convinced AI is advancing too quickly for existing methods to combat it. But what can CISOs do to prepare for the coming wave – and access the resources they need to deal with this evolving threat landscape? To find out, […]

11th November, 2024

Cloud Cost Optimization

How Optimizing Kafka Can Save Costs of the Whole System

Kafka is no longer exclusively the domain of high-velocity Big Data use cases. Today, it is utilized on by workloads and companies of all sizes, supporting asynchronous communication between even small groups of microservices. But this expanded usage has led to problems with cost creep that threaten many companies’ bottom lines. And due to the […]

Itay Tal Head of Cloud Services

29th September, 2024

Cloud Migration Service

Migrating Volumez RedHat VMs into Amazon Linux 2 for higher effective discounts rate of Saving Plan

A cloud data infrastructure company relied on extensive use of multiple instance types to test its products. But this made it difficult to optimize costs – a fact which had begun to impact their ability to scale the business. The GlobalDots team helped the company identify and implement a new infrastructure configuration that both saved […]

Itay Tal Head of Cloud Services

19th September, 2024

Compliance Automation

How Yuki Achieved SOC 2 Compliance 6x Faster

Overview A fast-growing Snowflake optimization platform was missing out on customers because they didn’t have the right data security compliance. Through multiple consultations and extensive vendor-testing, the GlobalDots team selected a solution to provide both tech and human support, helping the company achieve SOC 2 compliance within just 3 months – and win new customers […]

Itay Tal Head of Cloud Services

16th September, 2024

Back to Resources

Unlock Your Cloud Potential