| Article No° | Product Name | Affected Version(s) |
|---|---|---|
| | SMART EMS | < 3.1.4 |
| | VPN Security Suite | < 3.1.4 |
Welotec has been informed by an external source that the WebUI of the device management solution "SMART EMS" and the remote connectivity solution "VPN Security Suite" is vulnerable to clickjacking. Welotec advises updating to version 3.1.4 or later.
An unauthenticated remote attacker can deceive users into performing unintended actions due to improper restriction of rendered UI layers or frames.
Please see the CVE description.
Mitigation
This vulnerability can be mitigated by using an additional reverse proxy and/or web application firewall to protect the WebUI.
Remediation
Update the software to version 3.1.4 or later and configure the Content Security Policy (CSP).
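To confirm that the update or the reverse proxy actually restricts framing, the response headers of the WebUI can be evaluated as in the following added example (not Welotec or CERT@VDE code). It assumes the restriction is delivered through the standard `Content-Security-Policy` `frame-ancestors` directive or the `X-Frame-Options` header, which the advisory does not specify; all sample headers are constructed.

```python
# Added example, not vendor code. Header samples below are constructed.
VALID_XFO = {"DENY", "SAMEORIGIN"}    # ALLOW-FROM is obsolete and ignored by current browsers
TOO_BROAD = {"*", "http:", "https:"}  # sources that let any origin frame the page

def parse_csp(value):
    """Parse one serialized policy into {directive: [sources]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])  # first occurrence wins
    return policy

def framing_verdict(headers):
    """headers: list of (name, value) pairs from one response. Returns (ok, reason)."""
    policies, xfo = [], []
    for name, value in headers:
        name = name.lower()
        if name == "content-security-policy":  # the Report-Only variant enforces nothing
            policies += [parse_csp(p) for p in value.split(",")]
        elif name == "x-frame-options":
            xfo.append(value.strip().upper())
    for policy in policies:  # every delivered policy is enforced, so one strict one suffices
        if "frame-ancestors" in policy:
            sources = [s.lower() for s in policy["frame-ancestors"]]
            if not TOO_BROAD.intersection(sources):
                # an empty source list matches nothing, i.e. behaves like 'none'
                return True, "csp frame-ancestors " + (" ".join(sources) or "'none'")
    if xfo and all(v in VALID_XFO for v in xfo):
        return True, "x-frame-options " + xfo[0]
    return False, "no effective frame restriction"

SAMPLES = {  # constructed responses, not captured from a real device
    "unpatched": [("Content-Type", "text/html")],
    "behind_proxy": [("X-Frame-Options", "SAMEORIGIN")],
    "csp": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'self'")],
    "report_only": [("Content-Security-Policy-Report-Only", "frame-ancestors 'none'")],
    "wildcard": [("Content-Security-Policy", "frame-ancestors *")],
    "obsolete_xfo": [("X-Frame-Options", "ALLOW-FROM https://portal.example")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(label, framing_verdict(hdrs))
```

The check only covers policies sent as HTTP response headers, because browsers ignore `frame-ancestors` when a policy is delivered through a `<meta>` element.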
CERT@VDE coordinated with Welotec