FPSA004: Authorization Bypass
Summary
Improper access control occurs when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization and access resources behind protected pages.
Affected Products
WARP
10.1.2 and 10.2.2 versions prior to releases with the fix (see Fixed Software).
Details
Improper access control occurs when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization and access resources behind protected pages.
Workarounds
There are no workarounds that address this vulnerability. To mitigate the vulnerability, disable UI access on all the WAN interfaces or configure Access Lists on the interface page to allow access only from trusted sources.
Fixed Software
10.1.2r60p91 or later
10.2.2r42 or later
Source
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php