The Tenable Security Response Team has identified three critical SSL VPN vulnerabilities CVE-2019-19781, CVE-2019-11510 and CVE-2018-13379 that continue to be routinely exploited by threat actors and ransomware groups. According to Cert-In’s advisory, these vulnerabilities were some of the most exploited in 2020.
Satnam Narang, Staff Research Engineer at Tenable has analysed how these three vulnerabilities have been exploited historically along with new reports of attacks in 2021. A more detailed overview on how many organizations have not applied available patches a year and a half after they were released and why it is important to fully update and properly configured SSL VPN products to keep attackers out can be found in this blog.
“The research highlights that threat actors don’t need to spend capital obtaining or developing zero-day vulnerabilities, or burn the ones they already have when unpatched vulnerabilities remain a consistent challenge for organizations. This issue is reinforced by easy access to publicly available PoC and exploit scripts that attackers can repurpose in order to compromise organizations,” said Satnam Narang, staff research engineer, Tenable.
“VPNs are often unpatched because, unlike traditional IT assets, they are expected to be operational at all times and may not be configured for maintenance. However, many VPN products can function in modes that allow corporate IT teams to patch and restore service without interruption or downtime.
“It is critical that security teams prioritize VPNs in their threat assessement considerations for scanning and patching VPN vulnerabilities,” Satnam Narang, Staff Research Engineer at Tenable.