CVE-2021-33601

Arbitrary Code Execution in Web Interface of F-Secure Internet Gatekeeper

More information

A vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. An authenticated user can modify settings through the web user interface in a way that could lead to an arbitrary code execution on the F-Secure Internet Gatekeeper server.

This issue and a proof-of-concept exploit was reported privately to F-Secure as part of our Vulnerability Reward Program. No known attacks have been reported or observed in the wild.  

Contributors

F-Secure Corporation would like to thank following person for bringing this issue to our attention.

Selim Enes Karaduman

Twitter

    Description

  • There is a denial-of-service vulnerability in the web interface of F-Secure Internet Gatekeeper 5 series product.
  • Status

  • Fixed
  • Risk level

  • Medium
  • Fix

  • Hotfix 9 has been published to fix this vulnerability. Download and instructions available at: https://download.f-secure.com/corpro/igk/igk5.50/fsigk-5-hf9.tar.gz
  • Affected products

  • Corporate Products: F-Secure Internet Gatekeeper 5 series
  • Platforms

  • All supported platforms for the affected products
  • Date issued

  • 28/9/2021
  • Security advisories
  • 2021
  • Medium