Authentication bypass vulnerability found in NATO, EU approved firewall

A threat actor with network access to an admin interface could easily exploit the vulnerability to become a root user without any login credentials.
Authentication bypass vulnerability found in NATO, EU approved firewall

A threat actor with network access to an admin interface could easily exploit the vulnerability and log into the admin panel and become root users without entering login credentials.

SEC Consult, an Austria-based cybersecurity consultancy firm has identified a critical vulnerability in a firewall appliance developed by the German cybersecurity firm Genua.

The appliance called Genua Genugate is responsible to protect machine-to-machine communications, securing internal networks against external threats, and segmenting internal networks.




 

Genua Genugate is the only firewall in the world that has received a “highly resistant” ranking from the German government.

Moreover, it complies with NATO Restricted and the EU’s RESTREINT UE/EU RESTRICTED” data security regulations. The vulnerability affected all versions of the Genugate firewall.

The Concerning Aspect

According to SEC Consult, the firewall’s administration interfaces are vulnerable to an authentication bypass vulnerability classified as CVE-2021-27215.

A threat actor with network access to an admin interface can easily exploit the vulnerability and log into the admin panel and become root users without entering login credentials.

SEE: Backdoor account found in 100,000+ Zyxel Firewalls, VPN Gateways

After gaining admin/root access, explained SEC Consult, it becomes possible for an attacker to enable reconfiguration of the firewall, including “firewall ruleset, email filtering configuration, web application firewall settings, proxy settings, etc.”

For example, attackers can change the entire firewall’s configuration to access an unreachable system or reroute the organization’s traffic to “an attacker-controlled proxy server.”




 

SEC Consult Advisory

In its advisory, SEC Consult emphasized the need to patch the vulnerability soonest:

“Certified and approved environments mandate that the admin interface is only reachable through a strictly separated network. Nevertheless, it is a highly critical security vulnerability and must be patched immediately.”

The company also released a video to explain how the attack works.

World’s Best Firewall was Flawed!

Genua products are used extensively by the government, military, manufacturing, and organizations from diverse sectors. However, the fact that a vulnerability was discovered proves that even the world’s best software isn’t flawless.

SEE: Flaws in cybersecurity firm’s firewall & VPN tech exposed 100k+ devices

SEC Consult was acquired by IT sector giant Atos in 2020. Atos Germany’s Armin Stock discovered the vulnerability. The findings were reported to Genua in January 2021, and the company released a patch within a few days.




 

 Proof of concept video

Did you enjoy reading this article? Don’t forget to like our page on Facebook and follow us on Twitter

Related Posts