VPN packages from Cisco, Palo Alto, F5 and Pulse may improperly secure tokens and cookies Credit: Getty Images The Department of Homeland Security has issued a warning that some VPN packages from Cisco, Palo Alto, F5 and Pulse may improperly secure tokens and cookies, allowing nefarious actors an opening to invade and take control over an end user’s system. The DHS’s Cybersecurity and Infrastructure Security Agency (CISA) warning comes on the heels of a notice from Carnegie Mellon’s CERT that multiple VPN applications store the authentication and/or session cookies insecurely in memory and/or log files. “If an attacker has persistent access to a VPN user’s endpoint or exfiltrates the cookie using other methods, they can replay the session and bypass other authentication methods,” CERT wrote. “An attacker would then have access to the same applications that the user does through their VPN session.” According to the CERT warning, the following products and versions store the cookie insecurely in log files: Palo Alto Networks GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS0 (CVE-2019-1573) Pulse Secure Connect Secure prior to 8.1R14, 8.2, 8.3R6, and 9.0R2. The following products and versions store the cookie insecurely in memory: Palo Alto Networks GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS0. Pulse Secure Connect Secure prior to 8.1R14, 8.2, 8.3R6, and 9.0R2. Cisco AnyConnect 4.7.x and prior. CERT says that Palo Alto Networks GlobalProtect version 4.1.1 patches this vulnerability. F5 said it was aware of both vulnerabilities and has issued advisories for both CVE-2013-6024and CVE-2017-6139. The severity of CVE-2013-6024 is low and F5 provided guidance to customers on how to mitigate. CVE-2017-6139 has been fixed in BIG-IP 12.1.3, 13.1.0 and 13.0.1 and customers can eliminate the vulnerability by upgrading to one of these versions. F5 has not received reports from customers of these vulnerabilities being exploited. CERT said it is unaware of any patches at the time of publishing for Cisco AnyConnect. Pulse said it was notified by CERT with regards to a vulnerability. This vulnerability affects older versions of Pulse Secure Desktop and Network Connect clients. However, Pulse Secure had already fixed this vulnerability in the latest Pulse Desktop Client and Network Connect product. Pulse issued a related Security Advisory to disclose this to the public – Security Advisory – SA44114. CERT credited the National Defense ISAC Remote Access Working Group for reporting the vulnerability. Related content news Broadcom to lay off over 1,200 VMware employees as deal closes The closing of VMware’s $69 billion acquisition by Broadcom will lead to layoffs, with 1,267 VMware workers set to lose their jobs at the start of the new year. By Jon Gold Dec 01, 2023 3 mins Technology Industry Technology Industry Markets news analysis Cisco joins $10M funding round for Aviz Networks' enterprise SONiC drive Investment news follows a partnership between the vendors aimed at delivering an enterprise-grade SONiC offering for customers interested in the open-source network operating system. By Michael Cooney Dec 01, 2023 3 mins Network Management Software Network Management Software Network Management Software news Cisco CCNA and AWS cloud networking rank among highest paying IT certifications Cloud expertise and security know-how remain critical in building today’s networks, and these skills pay top dollar, according to Skillsoft’s annual ranking of the most valuable IT certifications. Demand for talent continues to outweigh s By Denise Dubie Nov 30, 2023 7 mins Certifications Certifications Certifications news Mainframe modernization gets a boost from Kyndryl, AWS collaboration Kyndryl and AWS have expanded their partnership to help enterprise customers simplify and accelerate their mainframe modernization initiatives. By Michael Cooney Nov 30, 2023 4 mins Mainframes Mainframes Mainframes Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe