AppGate Security Advisory
First published 2017-05-18
Last updated 2017-05-18
Information Disclosure via Management Interface.
A vulnerability exists in the Management Interface (default port 444) that could allow unauthorized access to local files on the Controllers.
AppGate (previously known as AppGate XDP) appliances with Controller role, version 3.1.1 and earlier.
AppGate Classic servers are not affected.
Upgrade AppGate controllers to version 3.1.2 or later. Customers can download the latest version of AppGate from the Downloads tab made available to them once they have logged into Cryptzone's Support Portal. The latest version of the AppGate Upgrade Image for can be found here:
Details on how to upgrade appliances can be found in the Administration Guide at https://help.cryptzone.com; navigate to General Administration >> Managing Appliances >> Upgrading appliances.
Workaround and Mitigations
Restrict Management Interface IP Access to trusted Gateways and Clients. Require that the AppGate Client be used for Management User Interface access, through the creation of appropriate AppGate entitlements.