PT-2022-25426 · Unknown · Tacitine Firewall+2

Sreedev Kumar · Published 2022-09-23 · Updated 2022-09-26 · CVE-2022-40629

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Tacitine Firewall versions 19.1.1 through 22.20.1
EN6200-PRIME QUAD-35 versions 19.1.1 through 22.20.1
EN6200-PRIME QUAD-100 versions 19.1.1 through 22.20.1

Description

This issue is due to an insecure design in the Tacitine Firewall web-based management interface. An unauthenticated remote attacker could exploit it by sending a specially crafted HTTP request to the targeted device. Successful exploitation could allow the attacker to view sensitive information on the targeted device.

Recommendations

For versions 19.1.1 through 22.20.1 of Tacitine Firewall, EN6200-PRIME QUAD-35, and EN6200-PRIME QUAD-100, consider restricting access to the web-based management interface until a patch is available. As a temporary workaround, avoid using the web-based management interface for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2022-40629

Affected Products

En6200-Prime Quad-100
En6200-Prime Quad-35
Tacitine Firewall