It's been a bad week for two of the world's biggest vendors of enterprise hardware and software — Fortinet and Palo Alto Networks.
Both companies fixed security issues this week affecting some of their most popular products, with some bugs being quite intrusive and dangerous.
The worst of the bunch is a credentials leak affecting Fortinet's FortiClient, an antivirus product provided by Fortinet for both home and enterprise-level clients. FortiClient, which is available for Linux, Mac, and Windows, also includes a VPN client, which the company claims it provides "secure, reliable access to corporate networks and applications from virtually any internet-connected remote location." Researchers from SEC Consult said in an advisory released this week that they've discovered a security issue that allows attackers to extract credentials for this VPN client.
According to researchers, the FortiClient software stores VPN credentials in a local file on each computer, which is encrypted with a key to preventing easy access to the data. SEC Consult says this key is the same for all users and it's stored by default in the FortiClient binary itself. The key can easily be extracted and used to decrypt and access the VPN credentials.
The vulnerability (CVE-2017-14184) affects FortiClient 5.6.0 and earlier on Windows and Mac, and FortiClient 4.4.2334 and earlier on Linux. Fortinet has issued updates a few weeks back.
Palo Alto Networks firewalls vulnerable to root-level RCE
The second major security issue disclosed this week affects firewall products manufactured by Palo Alto Networks and running PAN-OS, the company's in-house operating system. Security researcher Philip Pettersson discovered that by combining three vulnerabilities together, he could run code on a Palo Alto firewall from a remote location with root privileges.
The vulnerability (CVE-2017-15944) affects PAN-OS 6.1.18 and earlier, PAN-OS 7.0.18 and earlier, PAN-OS 7.1.13 and earlier, PAN-OS 8.0.5 and earlier. Palo Alto has issued updates on December 5, including fixes for four other flaws.
The vulnerability can only be exploited if companies leave the management interface of their Palo Alto firewall exposed to WAN connections (via the Internet), instead of limiting access to the local area network (LAN) only.
You'd think this wouldn't be an issue, and network admins would know better, but it's not so. On December 13, there were 6,867 Palo Alto firewalls exposing their management interface online, according to Shodan. Remind you, these are enterprise-grade systems designed to limit access and protect sensitive networks.