The reliance on Virtual Private Networks (VPNs) for secure remote access has grown significantly, especially with the rise in remote work and global connectivity. However, the increasing number of VPN vulnerabilities discovered between 2022 and the first half of 2024 highlights the significant risks associated with these tools. In fact, 2023 saw a 47% increase in VPN vulnerabilities compared to the previous year, emphasizing the growing threat landscape.

This blog will delve into the top 10 VPN vulnerabilities that have surfaced in recent years and explain how NVIS AI can provide a more secure alternative by addressing these critical issues.

1. Information disclosure in Check Point quantum gateway/Spark gateway/CloudGuard network remote access VPN (CVE-2024-24919)

CVE-2024-24919 is a high-severity vulnerability that allows unauthorized information disclosure in Check Point’s Quantum Security Gateways. This flaw has been actively exploited, enabling attackers to steal Active Directory credentials and move laterally within networks. The primary concern with this vulnerability is that it can grant attackers access to sensitive network areas, leading to significant data breaches and unauthorized access.

2. Out-of-bounds write in Fortinet FortiOS SSL-VPN (CVE-2024-21762)

This critical vulnerability in Fortinet’s FortiOS enables unauthenticated attackers to execute remote code through specially crafted requests. The flaw is particularly dangerous as it can allow attackers to gain control of the system, leading to widespread damage. The ability to execute arbitrary code remotely makes this vulnerability a prime target for attackers seeking to infiltrate secure networks.

3. Command injection in Palo Alto networks PAN-OS GlobalProtect (CVE-2024-3400)

CVE-2024-3400 is a command injection vulnerability in Palo Alto’s GlobalProtect that allows attackers to execute arbitrary code with root privileges. This vulnerability is especially concerning as it can lead to complete system compromise. Command injection flaws like this one allow attackers to manipulate systems to perform unauthorized actions, making them a significant threat to any network.

4. Heap-based overflow in Fortinet FortiOS/FortiProxy SSL-VPN (CVE-2023-27997)

This vulnerability allows pre-authentication remote code execution attacks in Fortinet SSL VPN products. Attackers can exploit this flaw even when multi-factor authentication (MFA) is enabled, posing a severe threat to organizations. The ability to bypass MFA and execute code before authentication highlights the critical nature of this vulnerability.

5. Heap-based overflow in FortiOS SSL-VPN (CVE-2022-42475)

This vulnerability in Fortinet’s FortiOS SSL-VPN products allows attackers to execute arbitrary code on vulnerable systems. The exploitation of this flaw has been linked to sophisticated malware campaigns, further highlighting its severity. Malware that takes advantage of such vulnerabilities can lead to extensive data breaches and network compromises.

6. Improper authentication & command injection in Ivanti connect secure/policy secure (CVE-2023-46805 & CVE-2024-21887)

These vulnerabilities allow attackers to bypass authentication and execute arbitrary commands on Ivanti Connect Secure VPN appliances. The flaws have been exploited in the wild, leading to unauthorized access and extensive network intrusions. When authentication is compromised, attackers can gain control over critical systems, leading to severe security breaches.

7. Zyxel USG/USG FLEX/VPN/ATP error message OS command injection (CVE-2023-28771)

This critical vulnerability in Zyxel firewalls allows unauthorized attackers to execute remote code through command injection. The flaw has been widely exploited by botnets, leading to significant disruptions. Botnets leveraging such vulnerabilities can cause widespread network outages and significant operational disruptions.

8. Unrestricted upload in cisco RV340/RV340W/RV345/RV345P (CVE-2023-20073)

This vulnerability in Cisco VPN routers allows unauthenticated attackers to upload arbitrary files due to insufficient authorization enforcement. The flaw can compromise the integrity of the affected devices. Unauthorized file uploads can introduce malicious software into a network, leading to data corruption and security breaches.

9. Use after free in OpenVPN/OpenVPN access server (CVE-2023-46850)

This vulnerability in OpenVPN can lead to undefined behavior, allowing attackers to leak sensitive information or execute remote code by sending network buffers to a remote peer. Configurations using TLS are particularly vulnerable to this exploit, posing a significant risk to affected servers. Such vulnerabilities can result in unauthorized data access and potential network breaches.

10. Out-of-bounds write in synology VPN plus server remote desktop (CVE-2022-43931)

This critical vulnerability in Synology’s VPN Plus Server allows remote attackers to execute arbitrary commands on vulnerable devices. The flaw poses a significant risk to organizations using these VPN servers. Remote command execution vulnerabilities are particularly dangerous as they can give attackers complete control over a system.

Conclusion

The rise in VPN vulnerabilities underscores the urgent need for a more secure solution. Traditional VPNs, as demonstrated by the vulnerabilities discussed, are increasingly becoming targets for sophisticated cyberattacks. These vulnerabilities expose networks to unauthorized access, data breaches, and significant operational disruptions.

NVIS AI offers a comprehensive approach to network security, eliminating the risks associated with traditional VPNs. By hiding your network architecture, providing peer-to-peer encrypted connections, and utilizing AI-driven provisioning, NVIS AI ensures that your organization remains protected from the evolving threat landscape.

With NVIS AI, you can say goodbye to the vulnerabilities of traditional VPNs and embrace a future where your network is truly secure. To learn more, schedule a demo or contact our team of experts today.