PT-2012-4144 · Seil · Seil/X2+3

Published: 2012-06-15 · Updated: 2012-06-18 · CVE-2012-2632

CVSS v2.0: 2.6 (Low)

Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

SEIL routers:
SEIL/x86 versions 1.00 through 2.35
SEIL/X1 versions 2.30 through 3.75
SEIL/X2 versions 2.30 through 3.75
SEIL/B1 versions 2.30 through 3.75

Description

The issue arises when the http-proxy and application-gateway features are enabled, and the device fails to properly handle the CONNECT command. This allows remote attackers to bypass intended URL restrictions via a TCP session.

Recommendations

For SEIL/x86 versions 1.00 through 2.35, disable the http-proxy and application-gateway features until a patch is available.
For SEIL/X1 versions 2.30 through 3.75, restrict access to the application-gateway feature to minimize the risk of exploitation.
For SEIL/X2 versions 2.30 through 3.75, consider disabling the http-proxy feature as a temporary workaround.
For SEIL/B1 versions 2.30 through 3.75, avoid using the CONNECT command in the affected TCP sessions until the issue is resolved.

Fix

Related identifiers

CVE-2012-2632

Affected products

Seil/B1
Seil/X1
Seil/X2
Seil/X86