Oliver's Blog Yet Another Needless BLOG


Octogate UTM Admin Interface Directory Traversal

Filed under: Advisories, General — oliver.karow @ 16:32

In October last year, I had a quick look at the Octogate UTM (virtual) Appliance, which is an Application Firewall, Deep Inspection Firewall, Intrusion Detection and Prevention device for SMB.
Because of limited spare time, I stopped after I discovered the first vulnerability. In this case, I was able to access all configuration files and scripts, inside and outside of the webroot, with the privileges of the httpd, without authentication.

Today, after approx. 10 months, I decided to clean up my HDD and to publish an advisory, which you can find here: http://www.oliverkarow.de/research/octogate.txt

One little step into a more secure world 😉
