Cryptzone Support

 
If you wish to submit a support ticket please sign in to your customer portal or use the “submit a ticket” button at the top menu.
If you need to find documentation about our Sheriff Suite please login to the Hive- Click Here

 

Article

AppGate Security Advisory - Information Disclosure via Management Interface

« Go Back

Information

 
Article Number000003744
Article

AppGate Security Advisory

ID: 2017-05-0001
 
First published             2017-05-18
Last updated               2017-05-18

Title

Information Disclosure via Management Interface.
 

Summary

 A vulnerability exists in the Management Interface (default port 444), that could allow unauthorized access to the local files on the Controllers.
 

Severity

 High
 

Products Affected

AppGate (previously known as AppGate XDP) appliances with Controller role, version 3.1.1 and earlier.
 
AppGate Classic servers are not affected.
 

Suggested Action

Upgrade AppGate controllers to version 3.1.2 or later. Customers can download the latest version of AppGate from the Downloads tab made available to them once they have logged into Cryptzone's Support Portal. The latest version of the AppGate Upgrade Image for can be found here:

https://cryptzone.force.com/success/s/download/a1C600000054hgWEAQ?t=1495544162929

Details for how to upgrade appliances can be found in the Administration Guide at https://help.cryptzone.com and navigate to General Administration >> Managing Appliances >> Upgrading appliances.

Workaround and Mitigations

Restrict Management Interface IP Access to trusted Gateways and Clients. Require that the AppGate Client be used for Management User Interface access, through the creation of appropriate AppGate entitlements.
 
Related File 
Additional Files 

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255