The CERT Coordination Center released an alert that several leading enterprise VPNs insecurely store session cookies insecurely in memory.
An attacker could exploit this vulnerability to take control of the company’s internal network.
The vulnerability found in the leading enterprise VPN apps that includes Cisco, Palo Alto Networks, Pulse Secure, and F5 Networks.
To keep the user session active the VPN apps generate token’s based on the user’s password and store in the computer to avoid having them to re-enter the password again.
But if the attacker gains persistent access to a VPN user’s endpoint or exfiltrates the cookie using other methods, they can replay the session and bypass other authentication methods.
An attacker would then have access to the same applications that the user does through their VPN session,” reads US-CERT advisory.
Out of the 4 affected apps, F5 Networks and Palo Alto Networks released a security update. With F5 the vulnerability is fixed in version 12.1.3 and 13.1.0 onwards. Palo Alto Networks GlobalProtect version 4.1.1 patches this vulnerability.
This vulnerability can be tracked as CVE-2019-1573, Checkpoint and
Download Free E-book to learn about complete Enterprise Security Implementation & Mitigation Steps – Download Free-Ebook Here.