Security News > 2021 > March > Vendor Quickly Patches Serious Vulnerability in NATO-Approved Firewall
A critical vulnerability discovered in a firewall appliance made by Germany-based cybersecurity company Genua could be useful to threat actors once they've gained access to an organization's network, according to Austrian cybersecurity consultancy SEC Consult.
Genua Genugate is a firewall designed for protecting internal networks against external threats, segmenting internal networks, and protecting machine-to-machine communications.
SEC Consult on Monday revealed that the Genugate firewall is affected by a critical authentication bypass vulnerability in the product's administration interfaces.
"An attacker is able to gain full admin/root access rights within the admin web interface, which enables reconfiguration of the whole firewall, such as firewall ruleset, email filtering configuration, web application firewall settings, proxy settings, etc," SEC Consult told SecurityWeek.
SEC Consult clarified in its advisory, "Certified and approved environments mandate that the admin interface is only reachable through a strictly separated network. Nevertheless, it is a highly critical security vulnerability and must be patched immediately."
The vulnerability appears to affect all versions of the firewall.