Attacks on unpatched Pulse Secure and Fortinet SSL VPNs

[German]Hacker are scanning the web for and attacking unpatched Pulse Secure and Fortinet SSL VPNs for several days. Private keys and user passwords can be read out via vulnerabilities. The manufacturers released updates for the vulnerabilities months ago.


Simply general information for people who use VPN software from both companies. I came across this topic via the following tweet by security researcher Kevin Beaumont.

The attacks are taking place despite the fact that both VPN providers released security updates for their products a few months ago – Pulse Secure in April, Fortinet in May. Both vendors warned their users and recommended all customers to install the updates as quickly as possible given the severity of the bugs. However, many companies do not appear to have installed the updated software yet and are therefore still at increased risk from escalating exploitation attempts. Mass scans are now being detected.

Vulnerabilities can be used to capture private keys and passwords for online accounts. In addition, command injection or intrusion into networks may be possible, as this tweet suggests.


Internet scans provide at least 480,000 Fortinet Fortigate SSL VPN endpoints connected to the Internet. However, it is currently unclear how many are not patched. However, experts say that of the 42,000 or so Pulse Secure SSL VPN endpoints that can be reached online, more than 14,000 are unpatched. It appears that some of the world's largest corporations, national infrastructure providers and government agencies are still affected. So I think we will soon be able to report more hacks and leaks.

Cookies helps to fund this blog: Cookie settings


This entry was posted in Security, Software, Update and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *