According to Austrian cybersecurity consultancy SEC Consult, a critical vulnerability discovered in a firewall appliance made by Germany-based cybersecurity company Genua could be useful to threat actors once they’ve gained access to an organization’s network.
Genua Genugate is designed to secure internal networks against external attacks, segment internal networks, and protect machine-to-machine communications.
The company says that its Genugate firewall is the only one in the world to be given a “highly resistant” rating by the German government, and that it complies with NATO’s “NATO Restricted” and the European Union’s “RESTREINT UE/EU RESTRICTED” data security criteria. According to the vendor, its products are used by significant manufacturing, government, military, and other critical infrastructure organisations.
However, this does not rule out the possibility that Genua’s firewalls are vulnerable to severe flaws.
The Genugate firewall’s administration interfaces are affected by a critical authentication bypass vulnerability (CVE-2021-27215), according to SEC Consult. An attacker with network access to an administration interface can exploit the bug to log in to the device’s admin panel as any user, including the root user, regardless of their password.
“An intruder will obtain full admin/root access rights inside the admin web interface, allowing them to reconfigure the entire firewall, including firewall rulesets, email filtering configuration, web application firewall settings, proxy settings, and so on,” according to SEC Consult. “Attackers may, for example, alter the configuration to gain access to networks that are otherwise inaccessible or reroute company traffic to an attacker-controlled proxy server.”
“Certified and licenced environments mandate that the admin interface is only reachable via a strictly segregated network,” SEC Consult explained in its advisory. “Nonetheless, it is a critical security flaw that must be fixed immediately.”
Armin Stock of Atos Germany discovered the flaw (the IT services giant Atos acquired SEC Consult last year). In late January 2021, the findings were reported to the vendor, and a patch was released only a few days later. The bug appears to be present in all versions of the firewall.
SEC Consult has released an advisory explaining the vulnerability, but no proof-of-concept (PoC) code has been made available. A video illustrating how an attack works has also been released by the company.