According to NCC Group, security appliances sold by different vendors and used in production environments are based on Linux with outdated kernel versions that are vulnerable to one kind of exploit or another. Presenting the findings at the Black Hat Europe 2013 security conference, Ben Williams of NCC Group revealed that on top of the poorly maintained Linux base, even the web applications that provide the appliance's front end (its GUI) are insecure.
Products from multiple vendors, including Symantec, Trend Micro, Cisco, McAfee and Citrix, were tested by Williams. The researcher found 80 per cent of the products riddled with vulnerabilities that an experienced professional would not take long to discover. According to the penetration tester, the majority of the vulnerabilities were in the graphical user interface of the products, which, as noted above, is built on vulnerable web applications.
Some of the common vulnerabilities found in almost all products were an inability to protect against brute-force password cracking attempts; cross-site scripting flaws; cross-site request forgery; command injection vulnerabilities; and privilege escalation.
According to Williams, there were also instances of direct authentication bypasses, out-of-band cross-site scripting and SSH misconfiguration, but these were less frequent than the other issues.
Williams has detailed his findings in a white paper [PDF] with recommendations for users and vendors.