The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of SecurePlatform NGX: rule bypassing with a CIFS rule

Synthesis of the vulnerability 

When a rule contains CIFS service, all sessions from clients are allowed.
Vulnerable products: FW-1, VPN-1.
Severity of this weakness: 2/4.
Creation date: 09/09/2005.
Références of this bulletin: BID-14781, VIGILANCE-VUL-5184, VU#508209.

Description of the vulnerability 

CIFS service is predefined and is used for SMB/CIFS sessions of Windows shares.

When this service is in a rule, only 137/udp, 138/udp, 139/tcp and 445/tcp ports should be opened. However, every tcp, udp or icmp packet is accepted.

Therefore, source computers specified in this rule are allowed to connect on all services of destination computers.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This security bulletin impacts software or systems such as FW-1, VPN-1.

Our Vigil@nce team determined that the severity of this cybersecurity announce is medium.

The trust level is of type confirmed by a trusted third party, with an origin of intranet client.

An attacker with a expert ability can exploit this vulnerability alert.

Solutions for this threat 

SecurePlatform NGX: creating a new CIFS group.
A workaround is to rename CIFS group to "CIFS_GROUP", and to check its usage.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides computers vulnerabilities bulletins. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.