Horizon Alert
Summary of the vulnerability and why it matters
A vulnerability in BG-TEK COSLAT Firewall allows for remote code inclusion, enabling unauthorized execution of code. This is significant because firewalls are critical security devices, and a compromise could allow an attacker to bypass security controls and gain deeper access to the network.
- Attackers can execute arbitrary code.
- Affects internet-facing firewalls.
- Grants broad access and control.
Attack Path
How an attacker could exploit the issue
An attacker could exploit this vulnerability by sending specially crafted requests to a vulnerable COSLAT Firewall. This could allow them to remotely include arbitrary code, leading to full system compromise.
- No authentication required.
- Network accessible interface targeted.
- Default credentials could increase risk.
Live Threat
Current exploitation, exposure, and threat context
This vulnerability in BG-TEK COSLAT Firewall allows for remote code inclusion, which attackers generally find attractive due to its potential for system compromise. The ease of exploitation and direct impact on a critical network device make it a compelling target, though specific attack trends are not yet widely observed.
- Internet-facing firewall device.
- Remote code inclusion vulnerability.
- Affects multiple firmware versions.
Priority actions
Operational Fix
Recommended remediation, mitigation, and detection steps
Prioritize immediate patching for all affected BG-TEK COSLAT Firewall devices. If patching is not immediately feasible, isolate these devices from the network or restrict external access to their administrative interfaces to prevent exploitation of the remote code inclusion vulnerability.
- Apply update to version 5.24.0.R.20210727.
- Block external administrative access.
- Monitor network traffic for suspicious activity.
