J-Security Center

Title: VPNet VSU IP Bridging Vulnerability

Severity: HIGH

Description:

VPNos is an operating system designed for the VPNet VPN Service Units, by VPNet Technologies. A problem exists in the firmware that could allow a user access to restricted resources.

The problem occurs in the bridging capabilities of the firmware. It is possible to bridge insecure traffic across the VSU by abusing a system on the same segment of the public network as the VSU. This can be done by adding a second address to the interface of the machine local to the VSU. The address should be one from the internal private network guarded by the VSU. It is also necessary to add a routing entry so that the VSU serves as the gateway for the aliased IP address's traffic. This flaw makes it possible for a malicious user with access to a system on the same network segment as the VSU to access and potentially exploit restricted resources.

The report of this vulnerability has been received by VPNet Technologies. VPNet Technologies has responded to this issue and, after testing this vulnerability in various scenarios, has been unable to reproduce the problem. This vulnerability remains unverified.
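A monitoring check for the condition described above, given as an added example that is not part of the original advisory or any VPNet code: it flags hosts on the public segment that send cleartext frames with a source address from the protected internal range. The internal prefix, the record layout and all sample frames are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed prefix of the private network behind the VSU (constructed value).
INTERNAL_NET = ipaddress.ip_network("10.20.0.0/16")

# Constructed sample records: (capture_point, source_mac, source_ip, dest_ip),
# as they might be parsed from captures on each side of the VSU.
SAMPLE_FRAMES = [
    ("public", "00:00:5e:00:53:01", "192.0.2.10", "192.0.2.1"),
    ("public", "00:00:5e:00:53:02", "192.0.2.20", "198.51.100.7"),
    ("public", "00:00:5e:00:53:02", "10.20.5.99", "10.20.1.15"),  # aliased address
    ("private", "00:00:5e:00:53:aa", "10.20.1.15", "10.20.5.99"),
    ("public", "00:00:5e:00:53:03", "not-an-ip", "192.0.2.1"),    # malformed record
]


def find_aliased_hosts(frames, internal=INTERNAL_NET):
    """Map each public-side MAC that sources internal-range traffic to its evidence."""
    seen = defaultdict(lambda: {"internal": set(), "other": set(), "targets": set()})
    for point, mac, src, dst in frames:
        if point != "public":
            continue  # internal addresses are expected on the private side
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
        except ValueError:
            continue  # skip records whose addresses do not parse
        entry = seen[mac]
        if src_ip in internal:
            entry["internal"].add(str(src_ip))
            if dst_ip in internal:
                entry["targets"].add(str(dst_ip))  # protected host being addressed
        else:
            entry["other"].add(str(src_ip))  # the host's ordinary public address
    return {
        mac: {key: sorted(values) for key, values in entry.items()}
        for mac, entry in seen.items() if entry["internal"]
    }


if __name__ == "__main__":
    for mac, info in find_aliased_hosts(SAMPLE_FRAMES).items():
        print(mac, info)
```

A MAC that appears with both an ordinary public address and an internal-range address matches the second-address setup the description mentions.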

Affected Products:

  • VPNet Technologies VPNos 3.0.0
