A couple days ago we found out there is a vulnerability in popular enterprise VPN solutions that would allow an attacker to connect without a username and password and perform remote code execution on target systems. The affected vendors are Palo Alto Networks, Fortinet and Pulse Secure.
Both Palo Alto Networks and Fortinet immediately issued security updates to their solutions to deal with the vulnerability. Pulse Secure claims they issued a security patch in April 2019 to deal with this issue (before it became public knowledge a few days ago).
If you’re an IT, Network or Security administrator running one of those platforms for VPN, it might be time to apply all the latest security updates ASAP.
