Critical Patch Issued for GenuGate Firewall

Author: Melodie Foster

Date: 3rd March 2021

The critical vulnerability could have allowed for an attacker to be able to bypass authentication measures and log in to a company’s internal network with the highest level of privileges in Genua’s GenuGate High Resistance Firewall.

The GenuGate High Resistance Firewall can establish domains with each being able to have different protection measures and will block internal networks from unauthorised access.

SEC Consult said about the flaw, “an unauthenticated attacker is able to successfully login as arbitrary user in the admin web interface, the side channel interface and user web interface, even as root with highest privileges, by manipulating certain HTTP POST parameters during login.”

The critical vulnerability stems from the admin authentication methods as the admin web interface, the sidechannel web and the userweb interface use different methods to authenticate. By manipulating a specific parameter method an attacker would be able to bypass the authentication and login as an arbitrary user. This happens because certain HTTP POST parameters are passed to the server which does not check the data provided and therefore can allow any authentication request.

The vulnerable versions include GenuGate versions below 10.1 p4; below 9.6 p7 and versions 9.0 and below Z p19. The bug has been fixed in GenuGate versions 10.1 p4 (G1010_004); 9.6 p7 (G960_007); 9.0 and 9.0 Z p19 (G900_019).[1]

[1] https://threatpost.com/firewall-critical-security-flaw/164347/

Other resources

Cyberfort Colocation Services

Cyberfort has invested heavily in secure infrastructure, making us the perfect colocation service provider to host your mission-critical, sensitive and regulated data.
Find out more >

What can Cyberfort do for you?

Check out our factsheets for detailed information on the matrix of cybersecurity products and services we offer to protect your business.
Find out more >

Cyberfort Deep Dives

Cyberfort’s cybersecurity consultants explore issues in cyber threat intelligence, incident planning and data security. Read our whitepapers to help make decisions that benefit your business.
Find out more >

Cookie Name	Expiration Time	Description
_ga	2 years	Used to distinguish users.
_gid	24 hours	Used to distinguish users.
_gat	1 minute	Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>.

_gac_<property-id>	90 days	Contains campaign related information for the user. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out.
__hstc	13 months	The main cookie for tracking visitors.
hubspotutk	13 months	This cookie keeps track of a visitor's identity. It is passed to HubSpot on form submission and used when deduplicating contacts.
__hssc	30 minutes	This cookie keeps track of sessions.
__hssrc	End of session	Whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser.

Critical Patch Issued for GenuGate Firewall

Author: Melodie Foster

Date: 3rd March 2021

Other resources

Cyberfort Colocation Services

What can Cyberfort do for you?

Cyberfort Deep Dives

Recent Posts

Recent Comments

Archives

Categories

Meta