Vulnerability in web user interface of the F-Secure Internet Gatekeeper can lead to remote code execution.
STATUS: RESOLVED.
ACTION REQUIRED: User action is required; see details below.
RISK LEVEL: CRITICAL.
Corporate Products:
A vulnerability was discovered in the web user interface of the F-Secure Internet Gatekeeper product. An unauthenticated user can cause a heap overflow by issuing a malformed HTTP request to the web user interface. A successful attack can lead to remote code execution on the F-Secure Internet Gatekeeper server.
This issue and a Proof-of-Concept exploit were reported privately to F-Secure as part of our Vulnerability Reward Program. No known attacks have been reported or observed in the wild.
Product | Versions | Fix |
---|---|---|
F-Secure Internet Gatekeeper | 5.40 – 5.50 | Hotfix 8 has been published to fix this vulnerability. Download and instructions on: Note: |
F-Secure Internet Gatekeeper Virtual Appliance | 5.40 – 5.50 | Hotfix 8 has been published to fix this vulnerability. Download and instructions on: Note: |
F-Secure Corporation would like to thank Kevin Joensen for bringing this issue to our attention.
Date Issued: 2019-07-11