The UK’s National Cyber Security Centre (NCSC) has released an alert on advanced persistent threat (APT) actors exploiting vulnerabilities in Virtual Private Network (VPN) applications. A remote attacker could exploit these vulnerabilities to take control of an affected system.
Vulnerabilities exist in several SSL VPN products which allow an attacker to retrieve arbitrary files, including those containing authentication credentials.
An attacker can use these stolen credentials to connect to the VPN and change configuration settings, or connect to further internal infrastructure.
Unauthorised connection to a VPN could also provide the attacker with the privileges needed to run secondary exploits aimed at accessing a root shell.
We encourage administrators to review the NCSC Alert for more information and to review the following security advisories and apply the necessary updates: