Hacking Appliances: Ironic exploits in security products
The paper will review research in 2012 conducted into the overall security posture of popular appliance-based security products, building on research carried out in 2011 by NCC Group.
The research focused on the most recent versions of widely used appliances from popular vendors in the IT Security industry covering:
- Firewalls and Multifunction Gateways
- Antispam and Antivirus filtering for Email
- Remote Access Gateways
In the majority of cases some serious flaws were identified which enabled the appliance to be compromised in some way and often a combination of flaws allowed an attacker to gain full control of the device.
Through the paper we will give specific examples of some of the most interesting vulnerabilities discovered during the study, including:
- Sophos Email Appliance: Typical issues and some post exploitation
- Citrix Access Gateway: SSH misconfiguration
- Pfsense: High risk UI functionality + password theft
- Symantec: XSS to attack admins via spam email