PT-2022-25425 · Unknown · Tacitine Firewall+2
Sreedev Kumar · Published 2022-09-23 · Updated 2022-09-27
CVE-2022-40628
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Tacitine Firewall versions 19.1.1 through 22.20.1
EN6200-PRIME QUAD-35 versions 19.1.1 through 22.20.1
EN6200-PRIME QUAD-100 versions 19.1.1 through 22.20.1
Description
This issue exists due to improper control of code generation in the Tacitine Firewall web-based management interface. An unauthenticated remote attacker could exploit it by sending a specially crafted HTTP request to the targeted device. Successful exploitation could allow the attacker to execute arbitrary commands on the targeted device.
Recommendations
For Tacitine Firewall versions 19.1.1 through 22.20.1, consider disabling the web-based management interface until a patch is available.
For EN6200-PRIME QUAD-35 versions 19.1.1 through 22.20.1, restrict access to the web-based management interface to minimize the risk of exploitation.
For EN6200-PRIME QUAD-100 versions 19.1.1 through 22.20.1, avoid using the web-based management interface until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Code Injection
Affected Products
EN6200-PRIME QUAD-100
EN6200-PRIME QUAD-35
Tacitine Firewall