VULHUB ™

VPNos is the firmware developed by VPNet technologies for use on their VPN Service Units (VSUs). A problem exists in the firmware that could allow a remote user unauthorized access. The problem occurs in the source routing of sessions. It is possible to bypass any access control and key negotiation to initiate a session with a machine on the private network by sending all packets through the VSU with a source route including the IP of the VSU. It is possible to communicate with internal hosts in this fashion with both ICMP and TCP. This condition makes it possible for a malicious user to communicate with, and potentially exploit hosts within the private network.

VPNos is the firmware developed by VPNet technologies for use on their VPN Service Units (VSUs). A problem exists in the firmware that could allow a remote user unauthorized access. The problem occurs in the source routing of sessions. It is possible to bypass any access control and key negotiation to initiate a session with a machine on the private network by sending all packets through the VSU with a source route including the IP of the VSU. It is possible to communicate with internal hosts in this fashion with both ICMP and TCP. This condition makes it possible for a malicious user to communicate with, and potentially exploit hosts within the private network.