The US National Security Agency (NSA) and the UK National Cyber Security Centre (NCSC) have released advisories on advanced persistent threat (APT) actors exploiting multiple vulnerabilities in Virtual Private Network (VPN) applications, specifically those produced by Pulse Connect Secure, Fortinet, and Palo Alto Networks. According to the advisories, a remote attacker could exploit these vulnerabilities to take control of an affected system. With the release of these advisories, the DHS Cybersecurity and Infrastructure Security Agency (CISA) encourages its partners to review its “Vulnerabilities in Multiple VPN Applications” notice for more information and apply the necessary updates or mitigations.

Analyst Commentary: Users of the affected products should review the advisories and follow the recommended mitigation steps, especially applying the latest security patches released by vendors (all of the affected vendors have released patches for the vulnerabilities). Additionally, the advisories contain information on what to do if your organization suspects it has been exploited as a result of these vulnerabilities.