VPN Services Attacked via the CVE-2019-11510 Vulnerability - How to, Technology and PC Security Forum | SensorsTechForum.com

The CVE-2019-11510 vulnerability is being used against VPN providers worldwide. The available security reports indicate that a criminal collective is actively seeking to break through the security barriers of several VPN service providers. This is done by exploiting a recent vulnerability that is tracked in the CVE-2019-11510 advisory.




CVE-2019-11510 Vulnerability Used Against VPN Service Providers

The CVE-2019-11510 vulnerability has been found to be used in active attacks against VPN providers. This appears to be a global campaign that attempts to intrude into these networks by exposing a weakness in them. The CVE-2019-11510 attack campaign has been tested on the Pulse Connect Secure service. The company was able to react in a timely manner to the intrusion attempts and released a security announcement giving further details on the flaw. According to the released information, it is classified as an authentication bypass vulnerability that can allow non-authenticated users to access files on the service's gateway. On affected systems this will trigger a remote code execution flaw. Pulse Connect Secure has been patched in order to deter any possible intrusion attempts.

Related: CVE-2019-15107: Remote Code Execution Vulnerability in Webmin

The problem associated with this threat is that the hackers can use publicly available code (posted online as a proof-of-concept). This makes it very easy for them to automate the attacks: they arm the exploit code and find the public-facing Internet gateways that the target VPN service is using.

Thanks to thorough security analysis, researchers have been able to uncover the actions that are run once the hosts are infiltrated:

  • The first step is the initial infection. This is done by successfully exploiting the host with the CVE-2019-11510 flaw.
  • The next step is to download the system account credentials. This is done by taking the relevant file from the server's file system.
  • From there on, the compromised computers can be infected with other viruses and have their data stolen.

A similar attack was also found to be used against government agencies, public education institutions, utility industries, financial corporations and others.

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast, he enjoys writing about the latest threats and mechanisms of intrusion.
