Fox-IT Fixes DataDiode Vulnerability

Friday, October 17, 2014 @ 03:10 PM gHale

Fox-IT created a fix for a cross-site request forgery (CSRF) vulnerability in the proxy server web administration interface for its DataDiode Appliance Proxy Server, according to a report on ICS-CERT.

Release 1.7.2 resolves the remotely exploitable vulnerability, discovered by Tudor Enache of HelpAG.

All Fox DataDiode Appliance versions up to and including 1.7.1 suffer from the issue.

CareFusion Mitigates Vulnerabilities
Siemens Heartbleed Update, Again
Unified Automation Heartbleed Vulnerability
Wonderware Patches Heartbleed Hole

Attackers can remotely exploit this vulnerability by leveraging social engineering to trick administrative users to add and delete administrative users and modify permissions. When this ends up exploited, it is possible for an attacker to gain administrative control of proxy server facing the network he has access to. Due to the architecture of this system, it may be possible to cause a denial-of-service (DoS). The Fox DataDiode itself does not suffer from the issue, so any information flow remaining will continue in the direction it normally does.

Delft, Netherlands-based Fox-IT’s product is a web-based administration tool used for the proxy server configuration for the Fox DataDiode. This product sees action in high security applications.

The administrative web interface of the Fox DataDiode proxy server is vulnerable to CSRF. By changing the configuration, the attacker can effectively disrupt the flow of information through the Fox DataDiode, resulting in a DoS.

CVE-2014-2358 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 4.3.

No known public exploits specifically target this vulnerability.

Crafting a working exploit for this vulnerability would be difficult. Social engineering is one requirement to convince a user with administrative rights to click a malformed HTML file. In addition, there must be more user interaction to load the malformed file. This decreases the likelihood of a successful exploit.

Fox-IT released Version 1.7.2 of the Fox DataDiode Appliance that resolves the vulnerability. A Fox-IT product advisory titled “Fox DataDiode Appliance 1.7.2 advisory,” containing background and preparation information, as well as the upgrade instructions, is available by contacting the local Fox-IT customer support.

Fox-IT recommends the following actions:
• All users of the Fox DataDiode Appliance should upgrade their systems to Version 1.7.2.
• This installation consists of a reinstallation of the new version of the software. Therefore, the existing software configuration should end up exported before this upgrade. The user can then restore the configuration after the upgrade.
• Users should change all passwords of administrator and user accounts in the Fox DataDiode Appliance, plus passwords used for FTP/SSL connections.

Leave a Reply

You must be logged in to post a comment.