CVE-2021-4105

The vulnerability, classified as CVE-2021-4105, is an Improper Handling of Parameters issue in BG-TEK's COSLAT Firewall. This flaw allows remote adversaries to inject and execute arbitrary code on the affected appliance. The root cause lies in insufficient validation or sanitization of user-supplied parameters, enabling code injection attacks.

Exploitation requires no authentication and can be carried out over the network, leveraging the firewall's management interface or other services that process parameter input. An attacker can craft malicious requests targeting the vulnerable parameter handling, leading to code execution with high privileges.

Successful exploitation results in Remote Code Inclusion, granting the attacker full control over the firewall device. This can lead to complete compromise of the network security boundary, allowing data exfiltration, rule manipulation, and lateral movement within the organization's infrastructure.

The vendor, BG-TEK, released a critical security update on July 27, 2021, in version 5.24.0.R.20210727, which addresses the vulnerability [1]. Users are strongly advised to upgrade to the patched version immediately. No alternative mitigation measures have been disclosed, and given the critical severity, prompt action is essential.