Check Point suggests ways to thwart Admin WebUI exploits

Check Point Software Technologies announced that its Security Research Group has discovered vulnerabilities in the Admin WebUI portals of three network security vendors.

With these, hackers could get administrative control over the vendors’ security gateways, potentially leaving business networks exposed to attacks.

In the wake of the recent ShellShock WebUI vulnerability, these additional vulnerabilities further increase exposure for certain security vendors, Check Point said.

The vulnerabilities were discovered using a combination of Cross-site Scripting (XSS), Cross-site Request Forgery (CSRF) and phishing attacks.

The WebUI approach introduces multiple attack vectors, and the research has shown that 21 of 23 network security vendors use a WebUI to manage their product's security configuration, says Oded Vanunu, security research group manager at Check Point Software Technologies.

According to Check Point, Admin WebUI exploits can be mitigated by adopting the following:

  • Use a dedicated web browser to manage the WebUI of security devices. Do not use this browser to open and use links from incoming emails, no matter how plausible the email seems to be.
  • Use a dedicated management network (physical or logical) that is separate from the users’ Local Area Network (LAN).
  • Use a dedicated server that is connected only to the security devices and has no connection to the public Internet. This dedicated server can be managed remotely via a terminal server or VPN connection using strong, two-factor authentication.