FORT MEADE, Md. — While actively defending our National Security Systems, NSA identifies vulnerabilities that could leave systems compromised. In response, NSA develops and issues Cybersecurity Advisories, Information sheets, Technical Reports, and Operational Risk Notices. NSA recommends users regularly review and take action based on these publications, available on NSA.gov here.
Multiple Nation State Advanced Persistent Threat (APT) actors have weaponized CVE-2019-11510, CVE-2019-11539, and CVE-2018-13379 to gain access to vulnerable VPN devices. Network administrators should apply all available software updates, automate the process to the greatest extent possible, and use the update service provided directly from the vendor. See the latest Cybersecurity Advisory here for additional information.