Security News > 2021 > March > Firewall Vendor Patches Critical Auth Bypass Flaw
Germany-based cybersecurity company Genua has fast-tracked a fix for a critical flaw in one of its firewall products.
Affected by the critical flaws is the GenuGate High Resistance Firewall, which Genua touts as a two-tier firewall that includes an application-level gateway and a packet filter for blocking malicious data.
"The High Resistance Firewall genugate satisfies the highest requirements: two different firewall systems - an application level gateway and a packet filter, each on separate hardware - are combined to form a compact solution. genugate is approved for classification levels German and NATO RESTRICTED and RESTREINT UE/EU RESTRICTED. genugate is certified according to CC EAL 4+". The vulnerable versions of the firewall include GenuGate versions below 10.1 p4; below 9.6 p7 and versions 9.0 and below Z p19.
The critical authentication bypass vulnerability stems from the GenuGate's various admin authentication methods.
Firewall vulnerabilities provide a dangerous route for attackers to infiltrate sensitive company networks.
In April, attackers started targeting the Sophos XG Firewall using a zero-day exploit, with the ultimate goal of dropping the Asnarok malware on vulnerable appliances.
News URL
https://threatpost.com/firewall-critical-security-flaw/164347/
Related news
- Palo Alto Networks tackles firewall-busting zero-days with critical patches (source)
- 1000s of Palo Alto Networks firewalls hijacked as miscreants exploit critical hole (source)
- Over 25,000 SonicWall VPN Firewalls exposed to critical flaws (source)
- Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation (source)
- Sophos Firewall vulnerable to critical remote code execution flaw (source)
- Sophos discloses critical Firewall remote code execution flaw (source)