Unknown · Tacitine Firewall · CVE-2022-40629
**Name of the Vulnerable Software and Affected Versions**
Tacitine Firewall versions 19.1.1 through 22.20.1
EN6200-PRIME QUAD-35 versions 19.1.1 through 22.20.1
EN6200-PRIME QUAD-100 versions 19.1.1 through 22.20.1
**Description**
This vulnerability is due to an insecure design in the Tacitine Firewall web-based management interface. An unauthenticated remote attacker could exploit it by sending a specially crafted HTTP request to the targeted device. Successful exploitation could allow the attacker to view sensitive information on the targeted device.
**Recommendations**
For versions 19.1.1 through 22.20.1 of Tacitine Firewall, EN6200-PRIME QUAD-35, and EN6200-PRIME QUAD-100, consider restricting access to the web-based management interface until a patch is available.
As a temporary workaround, avoid using the web-based management interface for sensitive operations until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.