CVE-2015-2849

Name of the Vulnerable Software and Affected Versions ANTlabs InnGate firmware versions on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the ppli parameter when https is used.

Recommendations For ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, consider restricting access to the ppli parameter in the https endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.