Vulners
Lucene search
Genua GenuGate High Resistance Firewall Authentication Bypass Vulnerability
| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
 | CVE-2021-27215 | 1 Mar 202118:13 | – | circl |
 | Genua high-resistance-firewall-genugate 访问控制错误漏洞 | 1 Mar 202100:00 | – | cnnvd |
 | CVE-2021-27215 | 3 Mar 202115:45 | – | cve |
 | CVE-2021-27215 | 3 Mar 202115:45 | – | cvelist |
 | EUVD-2021-13980 | 7 Oct 202500:30 | – | euvd |
 | CVE-2021-27215 | 3 Mar 202116:15 | – | nvd |
 | CVE-2021-27215 | 3 Mar 202116:15 | – | osv |
 | Authentication flaw | 3 Mar 202116:15 | – | prion |
 | CVE-2021-27215 | 9 Jan 202611:29 | – | redhatcve |
 | Firewall Vendor Patches Critical Auth Bypass Flaw | 1 Mar 202115:59 | – | threatpost |
10
=======================================================================
title: Authentication bypass vulnerability
product: Genua GenuGate High Resistance Firewall
vulnerable version: GenuGate <10.1 p4, <9.6 p7, <9.0/9.0 Z p19
fixed version: GenuGate 10.1 p4 (G1010_004), 9.6 p7 (G960_007)
9.0 and 9.0 Z p19 (G900_019)
CVE number: CVE-2021-27215
impact: critical
homepage: https://www.genua.de/en/it-security-solutions/high-resistance-firewall-genugate
found: 2021-01-28
by: Armin Stock (Atos Germany)
SEC Consult Vulnerability Lab
An integrated part of SEC Consult, an Atos company
Europe | Asia | North America
https://www.sec-consult.com
=======================================================================
Vendor description:
-------------------
"genugate Firewall: Well Protected Against Attacks
Your level of IT security is determined largely at the interface between the
Internet and the local network. The attacks from the outside and the data
sent from the inside pass through this point.
The High Resistance Firewall genugate satisfies the highest requirements:
two different firewall systems – an application level gateway and
a packet filter, each on separate hardware – are combined to form a compact
solution. genugate is approved for classification levels German and NATO
RESTRICTED and RESTREINT UE/EU RESTRICTED. genugate is certified according
to CC EAL 4+"
URL: https://www.genua.de/en/it-security-solutions/high-resistance-firewall-genugate
Business recommendation:
------------------------
The vendor provides a patched version for the affected products which should
be installed immediately.
Customers should also adhere to security best practices such as network
segmentation and limiting access to the admin panel. This is also a requirement
for certified and approved environments.
Vulnerability overview/description:
-----------------------------------
1) Authentication bypass vulnerability (CVE-2021-27215)
The Admin Web interface, the Sidechannel Web and Userweb interface can use different
methods to perform the authentication of a user. A specific authentication method during
login does not check the provided data and returns OK for any authentication request. This
allows an attacker to login to the admin panel with a user of his choice, e.g the root
user with highest privileges or even a non-existing user.
An attacker needs to have network access to the admin interface. Certified and approved
environments mandate that the admin interface is only reachable through a strictly
separated network. Nevertheless, it is a highly critical security vulnerability and
must be patched immediately.
Proof of concept:
-----------------
1) Authentication bypass vulnerability (CVE-2021-27215)
During the authentication requests at the login page of the admin web interface, the
Sidechannel Web and Userweb interface, certain HTTP POST parameters are passed to the
server. By manipulating a specific parameter method, an attacker is able to bypass
the authentication easily and login as arbitrary user.
[ Detailed proof of concept removed ]
A proof of concept video is available at https://youtu.be/Wfj3-6UBkzg
Vulnerable / tested versions:
-----------------------------
The versions 9.6 p0 and 9.6 p6 of the Genua GenuGate firewall were tested and found
to be vulnerable. The p6 version was the latest version at the time of discovery.
The supported and released product versions 9.0, 9.0 Z and 10.1 are affected as well.
Vendor contact timeline:
------------------------
2021-01-29 | Contacting vendor through [email protected]
Asking for an S/MIME certificate or GnuGP key to be able to send
an encrypted report
2021-01-29 | Received GnuGP key from vendor and sent encrypted (PGP) report.
2021-01-29 | Vendor confirmed the issue and is working on a patch.
2021-02-02 | Vendor released a patch for the affected products.
2021-02-15 | Informing CERT-Bund and CERT.at about the upcoming advisory release.
2021-02-17 | Coordination call with vendor.
2021-03-01 | Coordinated release of security advisory.
Solution:
---------
The vendor provides a patched version for the affected and supported products
which should be installed immediately.
The patch can be downloaded in genugate GUI or by calling 'getpatches'
on the command line interface.
Additional information can be viewed at the vendor's support page:
https://kunde.genua.de/en/overview/genugate.html
# 0day.today [2021-09-13] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
02 Mar 2021 00:00Current
0.5Low risk
Vulners AI Score0.5
CVSS 27.5
CVSS 3.19.8
EPSS0.00711