
KBA 135412 - XG Firewall Vulnerability - SQL Injection - HTTPS 8443 Port

Hello,

 

I have checked all the firewalls I'm managing for my customers and all I can say is that of the 46 firewalls that I manage, 9 have been compromised with this SQL injection. The only thing which differs on the 9 compromised firewalls compared to the 37 others is the HTTPS port used for the User Portal.

The 9 compromised firewalls were using the 8443 HTTPS port for User Portal. The 37 other firewalls are not using this port, but another one and they are not affected by this attack.

 

So maybe the vulnerability can only affect the firewalls with the 8443 HTTPS port on the User Portal?

 

Regards.



  • My experience so far has been every firewall 17.5.x has reported that it's been partially cleaned.  Most of them are using 443 for the user portal.  I've had one firewall that had NO services allowed from the WAN and it's telling me that it's been partially cleaned so I'm not sure that I believe the hotfix message.  Either that or there is some other attack vector that we haven't been made aware of.

  • Disregard, I was just informed that the services were disabled yesterday for a PCI compliance scan. Still, it would have been nice to get notice of this vulnerability closer to the 22nd when it was discovered so at least we could have shut down public-facing services until there was a patch.
