Multiple vulnerabilities in Untangle NGFW 9-11

Posted by Hutton on Mar 09

Multiple issues have been discovered in the Untangle NGFW virtual
appliance. The vendor was unresponsive and uncooperative to the researcher.

– Persistent XSS leading to root
Authentication required
Confirmed in versions 9 and 11 (up to rev r39357)

Throughout the Untangle user interface there are editable data tables for
various user configuration options. An example of this is in: Configuration >
Networking > Port Forwards. This table…
