FPSA004: Authorization Bypass

Summary

Improper access control occurs when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization and access resources behind protected pages.

Affected Products

WARP

Versions 10.1.2 and 10.2.2 prior to the releases that contain the fix (see Fixed Software).

Details

Improper access control occurs when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization and access resources behind protected pages.

Workarounds

There are no workarounds that address this vulnerability. To mitigate the vulnerability, disable UI access on all the WAN interfaces or configure Access Lists on the interface page to allow access only from trusted sources.

Fixed Software

10.1.2r60p91 or later
10.2.2r42 or later
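
To triage a device inventory against the fixed builds listed above, the following is an added example, not code from the vendor or from this advisory. It assumes version strings follow the `<branch>r<release>[p<patch>]` layout seen in the list, that release and patch numbers compare numerically, and that a missing patch suffix counts as patch 0; the device names are constructed.

```python
import re

# Fixed builds per affected branch, taken from the advisory's Fixed Software list.
FIXED = {"10.1.2": (60, 91), "10.2.2": (42, 0)}

# Assumed layout: <branch>r<release>[p<patch>], e.g. "10.1.2r60p91".
# A string without a release number cannot be judged and is rejected.
_VERSION = re.compile(r"^(\d+\.\d+\.\d+)r(\d+)(?:p(\d+))?$")


def parse(version):
    """Split a version string into (branch, (release, patch))."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    branch, rel, patch = m.groups()
    return branch, (int(rel), int(patch or 0))


def status(version):
    """Return 'vulnerable', 'fixed' or 'unknown' for one reported version."""
    try:
        branch, build = parse(version)
    except ValueError:
        return "unknown"
    if branch not in FIXED:
        return "unknown"  # the advisory names only the 10.1.2 and 10.2.2 branches
    return "fixed" if build >= FIXED[branch] else "vulnerable"


def triage(inventory):
    """Map {device: version} to {device: status}."""
    return {name: status(ver) for name, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; replace with versions read from your devices.
    sample = {
        "edge-01": "10.1.2r60p90",
        "edge-02": "10.1.2r60p91",
        "edge-03": "10.2.2r41p7",
        "edge-04": "10.2.2r42",
        "edge-05": "10.3.0r1",
    }
    for name, result in triage(sample).items():
        print(f"{name}: {sample[name]} -> {result}")
```

Devices reported as "vulnerable" need the upgrade or, until then, the mitigation under Workarounds; "unknown" means the advisory gives no basis for a verdict on that version string.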

Source

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php