VPN increasingly being used to penetrate organizations

Security researchers from Claroty have discovered multiple vulnerabilities that could be exploited to allow unauthenticated attackers to execute arbitrary code while analyzing a number of popular remote access solutions used for Industrial Control Systems (ICS).

The vulnerabilities the researchers found affect VPN implementations that are used to provide remote access to operational technology (OT) networks.

Following Claroty's discovery and reporting of a critical vulnerability, tracked as CVE-2020-14511, in Moxa's EDR-G902 and EDR-G903 secure routers, the team then discovered that products from Secomea and HMS Networks also had severe flaws that could be exploited to gain full access to an organization's internal network without authentication.

Organizations utilize remote access servers to manage secure connections from outside their local networks. However, if an attacker manages to gain access to them, they can view internal traffic and even reach hosts on the network. In a report on its findings, Claroty provided further insight on why vulnerable remote access servers pose such a severe risk to organizations, saying:

“Vulnerable remote access servers can serve as highly effective attack surfaces for threat actors targeting VPNs. These tools allow clients to connect through an encrypted tunnel to a server. The server then forwards the communication into the internal network. This means the server is a critical asset in the network—as it has one “leg” in the internet, accessible to all, and one ”leg” in the secured, internal network—beyond all perimeter security measures. Thus, gaining access to it allows attackers to not only view internal traffic but also communicate as if they were a legitimate host within the network.”

Remote code execution

Secomea GateManager is a widely used ICS remote access server that is deployed by organizations around the world. However, Sharon Brizinov and Tal Keren from the Claroty Research Team discovered that it contained multiple security flaws including a critical vulnerability, tracked as CVE-2020-14500, that affects the GateManager component.

If exploited, this bug could allow an attacker to achieve remote code execution without any authentication and grant them full access to a customer's internal network as well as the ability to decrypt all traffic that passes through the VPN. Thankfully though, Claroty notified Secomea of the issue and the firm issued a patch on July 10 to address the vulnerabilities.

Claroty also discovered a vulnerability that could lead to remote code execution in HMS Networks' eWon VPN. eWon allows remote clients to connect to it using a proprietary VPN client called eCatcher. Brizinov discovered that a vulnerability in eCatcher, tracked as CVE-2020-14498, could allow unauthenticated remote code execution. Just as it did with Secomea, Claroty informed HMS Networks of its discovery and the firm released a patch to address the bug on July 14.

  • We've also highlighted the best VPN services

Via BleepingComputer



from TechRadar - All the latest technology news https://ift.tt/3jSHjwm
Share:

No comments:

Post a Comment

Categories

Rove Reviews Youtube Channel

  1. Subscribe to our youtube channel
  2. Like our videos and share them too.
  3. Our youtube channel name Rove reviews.

WITNUX

This website is made by Witnux LLC. This website provides you with all the news feeds related to technology from large tech media industries like GSM Arena, NDTV, Gadgets 360, Firstpost and many other such ates altogether at technical depicts so that you need not go to several sites to view their post provide you advantantage of time.

From the developer
Tanzeel Sarwar

OUR OTHER NETWORKS

OUR YOUTUBE CHANNEL

ROVE REVIEWS PLEASE SUBSCRIBE

OUR FACEBOOK PAGE

The Rove Reviews

Support

Trying our best to provide you the best DONATE or SUPPORTour site Contact me with details how are you gonna help us