0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Genua GenuGate High Resistance Firewall Authentication Bypass Vulnerability
Author
Risk
[
Security Risk High
]0day-ID
Category
Date add
CVE
Platform
======================================================================= title: Authentication bypass vulnerability product: Genua GenuGate High Resistance Firewall vulnerable version: GenuGate <10.1 p4, <9.6 p7, <9.0/9.0 Z p19 fixed version: GenuGate 10.1 p4 (G1010_004), 9.6 p7 (G960_007) 9.0 and 9.0 Z p19 (G900_019) CVE number: CVE-2021-27215 impact: critical homepage: https://www.genua.de/en/it-security-solutions/high-resistance-firewall-genugate found: 2021-01-28 by: Armin Stock (Atos Germany) SEC Consult Vulnerability Lab An integrated part of SEC Consult, an Atos company Europe | Asia | North America https://www.sec-consult.com ======================================================================= Vendor description: ------------------- "genugate Firewall: Well Protected Against Attacks Your level of IT security is determined largely at the interface between the Internet and the local network. The attacks from the outside and the data sent from the inside pass through this point. The High Resistance Firewall genugate satisfies the highest requirements: two different firewall systems – an application level gateway and a packet filter, each on separate hardware – are combined to form a compact solution. genugate is approved for classification levels German and NATO RESTRICTED and RESTREINT UE/EU RESTRICTED. genugate is certified according to CC EAL 4+" URL: https://www.genua.de/en/it-security-solutions/high-resistance-firewall-genugate Business recommendation: ------------------------ The vendor provides a patched version for the affected products which should be installed immediately. Customers should also adhere to security best practices such as network segmentation and limiting access to the admin panel. This is also a requirement for certified and approved environments. Vulnerability overview/description: ----------------------------------- 1) Authentication bypass vulnerability (CVE-2021-27215) The Admin Web interface, the Sidechannel Web and Userweb interface can use different methods to perform the authentication of a user. A specific authentication method during login does not check the provided data and returns OK for any authentication request. This allows an attacker to login to the admin panel with a user of his choice, e.g the root user with highest privileges or even a non-existing user. An attacker needs to have network access to the admin interface. Certified and approved environments mandate that the admin interface is only reachable through a strictly separated network. Nevertheless, it is a highly critical security vulnerability and must be patched immediately. Proof of concept: ----------------- 1) Authentication bypass vulnerability (CVE-2021-27215) During the authentication requests at the login page of the admin web interface, the Sidechannel Web and Userweb interface, certain HTTP POST parameters are passed to the server. By manipulating a specific parameter method, an attacker is able to bypass the authentication easily and login as arbitrary user. [ Detailed proof of concept removed ] A proof of concept video is available at https://youtu.be/Wfj3-6UBkzg Vulnerable / tested versions: ----------------------------- The versions 9.6 p0 and 9.6 p6 of the Genua GenuGate firewall were tested and found to be vulnerable. The p6 version was the latest version at the time of discovery. The supported and released product versions 9.0, 9.0 Z and 10.1 are affected as well. Vendor contact timeline: ------------------------ 2021-01-29 | Contacting vendor through security@genua.de Asking for an S/MIME certificate or GnuGP key to be able to send an encrypted report 2021-01-29 | Received GnuGP key from vendor and sent encrypted (PGP) report. 2021-01-29 | Vendor confirmed the issue and is working on a patch. 2021-02-02 | Vendor released a patch for the affected products. 2021-02-15 | Informing CERT-Bund and CERT.at about the upcoming advisory release. 2021-02-17 | Coordination call with vendor. 2021-03-01 | Coordinated release of security advisory. Solution: --------- The vendor provides a patched version for the affected and supported products which should be installed immediately. The patch can be downloaded in genugate GUI or by calling 'getpatches' on the command line interface. Additional information can be viewed at the vendor's support page: https://kunde.genua.de/en/overview/genugate.html # 0day.today [2024-10-06] #