AlgoSec · AlgoSec Firewall Analyzer · CVE-2025-12381
**Name of the Vulnerable Software and Affected Versions**
AlgoSec Firewall Analyzer versions A33.0 through A33.10
**Description**
A flaw exists in AlgoSec Firewall Analyzer that could allow a local user with command line access to elevate their privileges. This is due to improper handling of parameters within a command authorized in the sudoers file, potentially leading to privilege escalation and parameter injection.
**Recommendations**
Update to a version later than A33.10. As a temporary workaround, restrict access to the sudoers file to authorized personnel only. Review and minimize the parameters allowed within commands configured in the sudoers file.
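One way to carry out the sudoers review recommended above, as an added example that is not AlgoSec's code: a small Python audit that flags command specifications whose arguments are left unrestricted or matched by a wildcard. The sample rules, paths and account name are constructed and hypothetical; they are not the entries affected by this CVE.

```python
import re

# Constructed sample; the paths and account name are hypothetical.
SAMPLE = r'''
# service account rules
Defaults    env_reset
Cmnd_Alias  MAINT = /usr/local/bin/collect_logs *, /usr/local/bin/rotate ""
svcuser ALL = (root) NOPASSWD: MAINT, /usr/local/bin/backup.sh
svcuser ALL = (root) NOPASSWD: /usr/bin/systemctl restart exampled, \
                               /usr/local/bin/report --out /var/tmp/*
'''

SKIP = ("Defaults", "User_Alias", "Host_Alias", "Runas_Alias")
PREFIX = re.compile(r'^(\([^)]*\)\s*|[A-Z_]+:\s*)+')  # (runas) and TAG: prefixes

def classify(cmd):
    """Return a finding for one command spec, or None if its arguments are pinned."""
    if cmd == "ALL":
        return "ALL grants every command"
    if not cmd.startswith("/"):
        return None                       # alias reference, audited where defined
    _path, _, args = cmd.partition(" ")
    args = args.strip()
    if not args:
        return "no argument list: any arguments accepted"
    if args == '""':
        return None                       # "" means the command takes no arguments
    if re.search(r'[*?\[]', args):
        return "wildcard in arguments: matches across word boundaries"
    return None                           # fixed argument string, matched exactly

def audit_sudoers(text):
    """Return (command spec, finding) pairs for rules and Cmnd_Alias entries."""
    findings = []
    joined = re.sub(r'\\\n\s*', ' ', text)            # fold continuation lines
    for line in joined.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        if not line or line.startswith(SKIP) or "=" not in line:
            continue
        rhs = line.split("=", 1)[1]
        for spec in re.split(r'(?<!\\),', rhs):       # split on unescaped commas
            cmd = PREFIX.sub("", spec.strip()).strip()
            finding = classify(cmd)
            if finding:
                findings.append((cmd, finding))
    return findings

if __name__ == "__main__":
    for cmd, finding in audit_sudoers(SAMPLE):
        print(f"{cmd!r}: {finding}")
```

Entries that pass are those with a fixed argument string or `""`; anything flagged should be narrowed to the exact arguments the task requires.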