Researchers Unearth New VPN Vulnerabilities
Researchers Unearth New VPN Vulnerabilities Over the past few days, details about security vulnerabilities relating to virtual private network (VPN) have been disclosed by security researchers. Immersive Labs researcher and content engineer Alex Seymour recently disclosed that he found two security vulnerabilities, one referred to as CVE-2019-17387 and the other security vulnerability referred to as CVE-2019-17388, in Aviatrix VPN, an enterprise VPN used by organizations such as the National Aeronautics and Space Administration (NASA). CVE-2019-17387, in particular, allows an attacker to gain elevated privileges through arbitrary code execution on these operating systems: Windows, Linux and macOS. While Aviatrix uses certificates to validate legitimate VPN users, preventing supposedly unauthorized access, Immersive Labs said that a bit of digging reveals that relevant private key and certificates can be retrieved inside the file…