VPN increasingly being used to penetrate organizations

Security researchers from Claroty have discovered multiple vulnerabilities that could be exploited to allow unauthenticated attackers to ex...

Security researchers from Claroty have discovered multiple vulnerabilities that could be exploited to allow unauthenticated attackers to execute arbitrary code while analyzing a number of popular remote access solutions used for Industrial Control Systems (ICS).

The vulnerabilities the researchers found affect VPN implementations that are used to provide remote access to operational technology (OT) networks.

Following Claroty's discovery and reporting of a critical vulnerability, tracked as CVE-2020-14511, in Moxa's EDR-G902 and EDR-G903 secure routers, the team then discovered that products from Secomea and HMS Networks also had severe flaws that could be exploited to gain full access to an organization's internal network without authentication.

Organizations utilize remote access servers to manage secure connections from outside their local networks. However, if an attacker manages to gain access to them, they can view internal traffic and even reach hosts on the network. In a report on its findings, Claroty provided further insight on why vulnerable remote access servers pose such a severe risk to organizations, saying:

“Vulnerable remote access servers can serve as highly effective attack surfaces for threat actors targeting VPNs. These tools allow clients to connect through an encrypted tunnel to a server. The server then forwards the communication into the internal network. This means the server is a critical asset in the network—as it has one “leg” in the internet, accessible to all, and one ”leg” in the secured, internal network—beyond all perimeter security measures. Thus, gaining access to it allows attackers to not only view internal traffic but also communicate as if they were a legitimate host within the network.”

Remote code execution

Secomea GateManager is a widely used ICS remote access server that is deployed by organizations around the world. However, Sharon Brizinov and Tal Keren from the Claroty Research Team discovered that it contained multiple security flaws including a critical vulnerability, tracked as CVE-2020-14500, that affects the GateManager component.

If exploited, this bug could allow an attacker to achieve remote code execution without any authentication and grant them full access to a customer's internal network as well as the ability to decrypt all traffic that passes through the VPN. Thankfully though, Claroty notified Secomea of the issue and the firm issued a patch on July 10 to address the vulnerabilities.

Claroty also discovered a vulnerability that could lead to remote code execution in HMS Networks' eWon VPN. eWon allows remote clients to connect to it using a proprietary VPN client called eCatcher. Brizinov discovered that a vulnerability in eCatcher, tracked as CVE-2020-14498, could allow unauthenticated remote code execution. Just as it did with Secomea, Claroty informed HMS Networks of its discovery and the firm released a patch to address the bug on July 14.

  • We've also highlighted the best VPN services

Via BleepingComputer

from TechRadar - All the latest technology news https://ift.tt/3jSHjwm



Apps,3775,Business,145,Camera,1132,Earn $$$,1,Gadgets,1624,Games,878,Mobile,1669,Technology,7465,Trailers,783,Travel,36,Trendly News,12536,Video,3,XIAOMI,11,
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: VPN increasingly being used to penetrate organizations
VPN increasingly being used to penetrate organizations
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy