Security Update:The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting multiple Virtual Private Network (VPN) applications
Date and Time
The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting multiple Virtual Private Network (VPN) applications.
Advanced Users: For a complete description of the security enhancements and affected software refer to:
- VPN applications insecurely store session cookies: Vulnerability Note VU#192371 at: https://www.kb.cert.org/vuls/id/192371/
AFFECTED SYSTEM - Versions:
- Palo Alto Networks GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS0 (CVE-2019-1573)
- Pulse Secure Connect Secure prior to 8.1R14, 8.2, 8.3R6, and 9.0R2
- Cisco AnyConnect 4.7.x and prior
WHAT'S THE PROBLEM?
Exploitation of this vulnerability may allow a remote attacker to take control of an affected computer.
HOW DO I PROTECT MY COMPUTER?
Update your software
- If you are supported by ITFS or have different IT support, no action on your part is required.
- If you do not have IT support or they do not support your computer for updates refer to the Article above and refer to vendors for appropriate updates, when available.
- IT Security – http://it.ucsf.edu/security