ISN 2020-06: IGEL Cloud Gateway (ICG) Various Vulnerabilities
Announced 15 July 2020
Score: High
Various security issues, among them 3 rated as high, have been discovered in IGEL Cloud Gateway (ICG) before version 2.02.100.
Details
A penetration test commissioned by IGEL has found an issue in the authentication mechanism between UMS and ICG. Furthermore, there were some missing or not strict enough authorization checks in the communication between UMS, ICG and the endpoint devices. Finally, there was information disclosure in the server status response and in the ICG log files.
Update Instructions
- Update to IGEL Cloud Gateway 2.02.100 or newer.