Security Advisories
FSC-2019-3: Unauthenticated Remote Code Execution in F-Secure Internet Gatekeeper
Description
Vulnerability in web user interface of the F-Secure Internet Gatekeeper can lead to remote code execution.
STATUS: RESOLVED.
ACTION REQUIRED: User action is required; see details below.
RISK LEVEL: CRITICAL.
Affected Products
Corporate Products:
- F-Secure Internet Gatekeeper version 5.50 and below
- F-Secure Internet Gatekeeper Virtual Appliance version 5.50 and below
Platforms
- All supported platforms for the affected products
More Information
A vulnerability was discovered in the web user interface of the F-Secure Internet Gatekeeper product. An unauthenticated user can cause a heap overflow by issuing a malformed HTTP request to the web user interface. A successful attack can lead to remote code execution on the F-Secure Internet Gatekeeper server.
This issue and a Proof-of-Concept exploit was reported privately to F-Secure as part of our Vulnerability Reward Program. No known attacks have been reported or observed in the wild.
Fix Available
| Product | Versions | Fix |
|---|---|---|
| F-Secure Internet Gatekeeper | 5.40 – 5.50 | Hotfix 8 has been published to fix this vulnerability. Download and instructions on: Note: |
| F-Secure Internet Gatekeeper Virtual Appliance |
5.40 – 5.50 | Hotfix 8 has been published to fix this vulnerability. Download and instructions on: Note: |
Credits
F-Secure Corporation would like to thank Kevin Joensen for bringing this issue to our attention.
Date Issued: 2019-07-11