Flaw threatens SME security devices
Published: 02 Jul 2007 17:39 BST
A flaw affecting eight vendors' Universal Threat Management security appliances was identified by US-based security firm Calyptix last week.
Calyptix said the Universal Threat Management (UTM) devices are vulnerable to a Cross-Site Request Forgery (CSRF) attack, which means an attacker could gain control of the security device — but only if the device administrator was tricked into simultaneously viewing a hostile web page while logged into the device.
One of the affected devices is Check Point's Safe@Office, which on Friday was the only vendor to have issued a patch for the flaw. Calyptix would not release the names of other vendors until the organisations had released a patch for the flaw.
The vulnerability is a "serious threat", according to Ty Miller, chief technician at penetration-testing specialists, Pure Hacking.
Watch this
Dialogue Box 3.10: Memory lane
There are a number of runners and riders in the next-generation memory stakes; Dialogue Box has the inside track, plus highlights from series 3
"[It] allows an attacker to exploit an authenticated section of a web application without them requiring authentic credentials," said Miller.
Industry analyst, James Turner of IBRS Consulting, said that while the vulnerability is serious, the risk of being attacked is low because only smaller organisations typically see the vulnerable devices, and the vulnerability is difficult to exploit.
"I can imagine there are easier ways of achieving a result. Some large enterprises will have deployed UTMs at remote sites but really no large enterprise is going to be using UTMs," Turner said.
Turner also believes there is "safety in numbers" because UTM use is widespread. "Statistically that reduces everyone's likelihood of being attacked, which is cold comfort for those that get attacked using this vector."
Calyptix advises users to disable JavaScript and warns against operating multiple tabs when managing a device. The company also recommends that the web-management interface should be run on a non-standard address. In addition, it warns that any device more than a few years' old are likely be vulnerable to the flaw.
Did you find this article useful?
1 out of 4 people found this useful
- Share this article:
