Platform
linux
Component
endian-firewall
Opgelost in
3.3.26
CVE-2026-34791 is een Command Injection kwetsbaarheid in Endian Firewall. Deze kwetsbaarheid stelt een geauthenticeerde gebruiker in staat om willekeurige OS commando's uit te voeren via de DATE parameter in /cgi-bin/logs_proxy.cgi. De DATE parameter wordt gebruikt om een bestandspad te construeren dat wordt doorgegeven aan een Perl open() call, wat command injection mogelijk maakt door onvolledige reguliere expressie validatie. Endian Firewall versies 3.3.25 en eerder zijn getroffen. Er is momenteel geen officiële patch beschikbaar.
CVE-2026-34791 in Endian Firewall versions 3.3.25 and prior allows authenticated users to execute arbitrary OS commands. This is achieved by manipulating the DATE parameter in the /cgi-bin/logs_proxy.cgi URL. Insufficient regular expression validation when processing this parameter leads to command injection. An authenticated attacker could exploit this flaw to execute malicious code, compromising the confidentiality, integrity, and availability of the firewall and potentially gaining access to the protected network. The vulnerability's severity is rated 8.8 on the CVSS scale, indicating a high risk.
An attacker needs to have authenticated access to the Endian firewall's administration panel. Once authenticated, they can manipulate the DATE parameter in the /cgi-bin/logs_proxy.cgi URL to inject OS commands. The vulnerability lies in how the DATE parameter is used to construct a file path that is passed to a Perl open() call. The regular expression validation is inadequate, allowing an attacker to inject special characters that are interpreted as OS commands. These commands are executed with the privileges of the user running the firewall process, which could be a user with elevated privileges.
Exploit Status
EPSS
0.49% (66% percentiel)
CISA SSVC
CVSS-vector
Currently, there is no official fix provided by Endian for this vulnerability. The most effective mitigation is to upgrade to an Endian firewall version later than 3.3.25 as soon as it becomes available. In the meantime, restrict access to the firewall's administration panel to authorized users and monitor system logs for suspicious activity. Implementing a least privilege policy, where users only have the permissions necessary to perform their tasks, can also help limit the impact of a potential exploitation. Consider network segmentation to isolate the firewall from other critical systems.
Actualice Endian Firewall a una versión posterior a la 3.3.25 para corregir la vulnerabilidad de inyección de comandos. Consulte la documentación de Endian para obtener instrucciones sobre cómo realizar la actualización.
Kwetsbaarheidsanalyses en kritieke waarschuwingen direct in uw inbox.
It's a unique identifier for this specific vulnerability in the Endian firewall.
All versions prior to 3.3.25 are vulnerable.
Review system logs for unusual commands or suspicious activity. Look for any indication of command execution that is not related to the firewall's normal functions.
Currently, there are no specific tools available, but it is recommended to perform a vulnerability scan with generic tools and review system logs.
Immediately isolate the firewall from the network, change all user passwords, and contact Endian support for assistance.
Upload je dependency-bestand en kom direct te weten of deze en andere CVEs jou raken.