MidnightBSD

Advisories for antlabs

CVE-2015-0932 HIGH

The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync sessions, which allows remote attackers to read or write to arbitrary files via TCP traffic on port 873.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
antlabs inngate_ig_3.01_e *
antlabs inngate_ig_3.02_e *
antlabs inngate_ig_3.00_e *
antlabs inngate_ig_3100 *
antlabs inngate_ig_3101 *
antlabs inngate_ig_3.10_g *
antlabs inngate_ig_3.10_e *
CVE-2015-2849 HIGH

SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attackers to execute arbitrary SQL commands via the ppli parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
antlabs inngate_sg_4 -
antlabs inngate_ssg_4 -
antlabs inngate_ig_3.10_e -
antlabs inngate_ig_3100 -
antlabs inngate_ig_3.01_e -
antlabs inngate_ig_3.10_m -
CVE-2015-2850 MEDIUM

Cross-site scripting (XSS) vulnerability in index-login.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
antlabs inngate_sg_4 -
antlabs inngate_ssg_4 -
antlabs inngate_ig_3.10_e -
antlabs inngate_ig_3100 -
antlabs inngate_ig_3.01_e -
antlabs inngate_ig_3.10_m -