6 Known RCE Vulnerabilities in Enterprise VPNs and How to Minimize the Risk
October 9, 2019
Mo Moin

Virtual private networks (VPNs) are considered a safe remote access method. But are they? Known vulnerable VPN phone apps and enterprise solutions underscore the risk in using VPN applications. For example, an in-depth analysis of 283 mobile VPNs on the Google Play store by Australia’s Commonwealth Scientific and Industrial Research Organization found significant privacy and security limitations in a majority of the services.

Things aren’t any better in corporate VPN software. Attackers have recently targeted VPN platforms, with some campaigns focusing on the telecommunications, software and defense industries. Their command-and-control servers hide behind public social media profiles that host malware configuration strings, making the compromised systems extremely hard to detect. Once the attackers have stolen VPN passwords, they move further inside the network using Remote Desktop Protocol (RDP). Lateral movement also relies on credential harvesting with tools such as Mimikatz and PWDump, and on WDigest credentials left in memory.

These VPN vulnerabilities allow an attacker to retrieve files, including those containing authentication credentials, usually through remote code execution (RCE). The attacker can then use the harvested credentials to connect to the VPN. Once in, they can change configuration settings or pivot laterally and connect to further internal infrastructure.

This post 6 Known RCE Vulnerabilities in Enterprise VPNs and How to Minimize the Risk originally appeared on CSO Online.
