HKCERT Advisory: Critical Vulnerability in Enterprise Firewall Software

09/06/2026

Summary

HKCERT has identified a critical vulnerability (CVSS 9.8) in the authentication module of a popular enterprise firewall solution. The vulnerability allows unauthenticated remote attackers to bypass the administrative interface and gain full control of the firewall appliance.

Affected Products

Enterprise firewall appliances running firmware versions prior to 7.4.2. Multiple organisations in Hong Kong’s financial and healthcare sectors are confirmed to be using affected versions.

Impact

Successful exploitation could allow an attacker to:

Recommended Actions

  1. Immediately update firmware to version 7.4.2 or later
  2. If immediate update is not possible, restrict administrative access to trusted IP addresses only
  3. Enable two-factor authentication for all administrative accounts
  4. Monitor firewall logs for suspicious authentication attempts
  5. Review network segmentation to limit blast radius if compromise occurs
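
The following example supports actions 1, 2 and 4. It is added here and is not part of the advisory or of any vendor tooling. It compares firmware versions numerically against 7.4.2 and flags administrative authentication events whose source is outside a trusted allowlist. The key=value log format, the `service=admin-ui` field, the host names and the addresses are constructed assumptions; adapt the parsing to the appliance's real log format.

```python
import ipaddress

FIXED_VERSION = (7, 4, 2)  # first fixed firmware version, from the advisory

def parse_version(text):
    """Turn '7.4.2' into (7, 4, 2) so that 7.10.0 sorts above 7.4.2."""
    return tuple(int(part) for part in text.strip().split("."))

def is_affected(firmware):
    """True when the firmware is prior to the fixed version."""
    version = parse_version(firmware)
    # Pad short versions so that '7.4' compares as 7.4.0.
    version += (0,) * (len(FIXED_VERSION) - len(version))
    return version < FIXED_VERSION

def untrusted_admin_events(log_lines, trusted_cidrs):
    """Return admin authentication events whose source is outside the allowlist."""
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    flagged = []
    for line in log_lines:
        fields = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
        if fields.get("service") != "admin-ui":  # assumed field name
            continue
        src = ipaddress.ip_address(fields["src"])
        if not any(src in net for net in trusted):
            flagged.append((fields["time"], fields["src"], fields["result"]))
    return flagged

# Constructed inventory and log lines (hypothetical key=value format).
INVENTORY = {"fw-hk-01": "7.4.1", "fw-hk-02": "7.4.2",
             "fw-hk-03": "7.10.0", "fw-hk-04": "7.4"}
TRUSTED = ["10.20.0.0/24"]
LOGS = [
    "time=2026-06-09T01:12:03Z service=admin-ui src=10.20.0.15 user=netops result=success",
    "time=2026-06-09T01:14:40Z service=admin-ui src=203.0.113.77 user=admin result=failure",
    "time=2026-06-09T01:14:41Z service=admin-ui src=203.0.113.77 user=admin result=success",
    "time=2026-06-09T01:15:00Z service=vpn src=198.51.100.9 user=alice result=success",
]

if __name__ == "__main__":
    for name, fw in INVENTORY.items():
        print(name, fw, "AFFECTED" if is_affected(fw) else "ok")
    for event in untrusted_admin_events(LOGS, TRUSTED):
        print("admin auth from untrusted source:", event)
```

A successful administrative login from an untrusted source on an appliance still below 7.4.2 is the combination to escalate first.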

HKISG Assessment

This vulnerability represents a significant risk to Hong Kong organisations. We recommend treating this as a priority patch and coordinating with your vendor for emergency firmware updates if needed.