Plattform
linux
Komponente
endian-firewall
Behoben in
3.3.26
CVE-2026-34795 is a command injection vulnerability affecting Endian Firewall versions 3.3.25 and prior. This vulnerability allows authenticated users to execute arbitrary operating system commands by manipulating the DATE parameter in the /cgi-bin/logs_log.cgi script. The incomplete validation on the DATE parameter leads to command injection via a Perl open() call. No official patch is currently available.
CVE-2026-34795 in Endian Firewalls versions 3.3.25 and prior allows authenticated users to execute arbitrary operating system commands. This is achieved by manipulating the DATE parameter in the URL /cgi-bin/logs_log.cgi. Insufficient regular expression validation when processing this parameter allows for command injection. An authenticated attacker could exploit this vulnerability to gain unauthorized access to the firewall's underlying system, potentially compromising the protected network. The CVSS severity score is 8.8, indicating a high risk. Successful exploitation could result in remote code execution, modification of firewall configuration, or theft of sensitive information.
The vulnerability is exploited by sending an HTTP request to /cgi-bin/logs_log.cgi with a malicious DATE parameter. This parameter contains operating system commands embedded within a string that the firewall interprets as a filename. Due to incomplete regular expression validation, the firewall cannot properly filter these commands, allowing them to be executed. Authentication is required to exploit this vulnerability, meaning the attacker must have valid credentials to access the firewall. The complexity of exploitation is relatively low, as it does not require advanced technical skills.
Exploit-Status
EPSS
0.49% (66% Perzentil)
CISA SSVC
CVSS-Vektor
Currently, there is no official fix provided by Endian for this vulnerability. The most effective mitigation is to upgrade to an Endian Firewall version later than 3.3.25 as soon as it becomes available. In the meantime, it is recommended to restrict access to the firewall's administration interface to authorized users only and with strong passwords. Monitoring the firewall logs for suspicious activity can also help detect and respond to potential attacks. Implementing proper network segmentation can limit the impact of a potential exploitation. Consider implementing an Intrusion Detection System (IDS) to identify attack patterns related to command injection.
Actualice Endian Firewall a una versión posterior a la 3.3.25. Esto solucionará la vulnerabilidad de inyección de comandos en el parámetro DATE del script logs_log.cgi.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
Ein CVSS-Score von 8.8 deutet auf ein hohes Risiko hin. Es bedeutet, dass die Schwachstelle leicht auszunutzen ist und erhebliche Auswirkungen auf die Systemsicherheit haben kann.
Beschränken Sie den Zugriff auf die Verwaltungs-Schnittstelle, verwenden Sie starke Passwörter und überwachen Sie die Firewall-Protokolle.
Derzeit gibt es keine spezifischen Tools, aber ein IDS kann helfen, Angriffsmuster zu erkennen.
Jeder Betriebssystembefehl, für dessen Ausführung der authentifizierte Benutzer berechtigt ist.
KEV (Known Exploitable Vulnerability) bedeutet, dass die Schwachstelle einen öffentlich verfügbaren Exploit hat. In diesem Fall ist KEV 'nein', was bedeutet, dass kein aktiver öffentlicher Exploit bekannt ist.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.