Author: Melodie Foster
Date: 3rd March 2021
The critical vulnerability could have allowed an attacker to bypass authentication and log in to a company’s internal network with the highest level of privileges in Genua’s GenuGate High Resistance Firewall.
The GenuGate High Resistance Firewall can establish multiple domains, each with its own protection measures, and blocks unauthorised access to internal networks.
SEC Consult said about the flaw, “an unauthenticated attacker is able to successfully log in as an arbitrary user in the admin web interface, the side channel interface and user web interface, even as root with highest privileges, by manipulating certain HTTP POST parameters during login.”
The critical vulnerability stems from the authentication methods: the admin web interface, the sidechannel web interface and the userweb interface each authenticate users differently. By manipulating a specific authentication-method parameter, an attacker would be able to bypass authentication and log in as an arbitrary user. This happens because certain HTTP POST parameters are passed to the server, which does not validate the data provided and can therefore accept any authentication request.
The vulnerable versions are GenuGate versions below 10.1 p4, below 9.6 p7 and below 9.0 Z p19. The bug has been fixed in GenuGate versions 10.1 p4 (G1010_004), 9.6 p7 (G960_007) and 9.0 Z p19 (G900_019).