Authentication bypass vulnerability found in NATO, EU approved firewall

A threat actor with network access to an admin interface could easily exploit the vulnerability to log into the admin panel and become a root user without entering login credentials.


SEC Consult, an Austria-based cybersecurity consultancy firm, has identified a critical vulnerability in a firewall appliance developed by the German cybersecurity firm Genua.


The appliance, called Genua Genugate, is responsible for protecting machine-to-machine communications, securing internal networks against external threats, and segmenting internal networks.



 


Genua Genugate is the only firewall in the world that has received a “highly resistant” ranking from the German government.


Moreover, it complies with NATO Restricted and the EU’s “RESTREINT UE/EU RESTRICTED” data security regulations. The vulnerability affected all versions of the Genugate firewall.


The Concerning Aspect


According to SEC Consult, the firewall’s administration interfaces are affected by an authentication bypass vulnerability tracked as CVE-2021-27215.


A threat actor with network access to an admin interface can easily exploit the vulnerability to log into the admin panel and become a root user without entering login credentials.


After gaining admin/root access, SEC Consult explained, an attacker can reconfigure the firewall, including “firewall ruleset, email filtering configuration, web application firewall settings, proxy settings, etc.”


For example, attackers can change the entire firewall’s configuration to access an unreachable system or reroute the organ ..