Vendor: NG Firewall
By: Matt Bush
CVSS: 7.5 (HIGH)
Type: Command Injection
CWE: Not available
Product Name: NG Firewall
Affected Version From: 11.2
Affected Version To: 12.1.0 beta
Patch Exists: NO
Related CWE: Not yet assigned
CPE: Not available
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2016

Untangle NGFW <= v12.1.0 beta execEvil() authenticated root CI exploit

A command injection vulnerability exists in Untangle NG Firewall, which allows non-root authenticated users to execute system commands with root privileges. This exploit has been tested on Untangle NG Firewall versions 11.2, 12, 12.0.1, and 12.1.0 beta, but should work on previous versions. The client-side sanitisation issues identified in the disclosure post can be exploited with a web app proxy. This exploit leverages the vulnerable function directly. Credentials can be obtained by sniffing unsecured HTTP logins (which the appliance defaults to).

Mitigation:

Secure HTTP logins and ensure client-side sanitisation is in place.

Exploit-DB raw data: