CVE-2022-45778 in Firewall SG-6000
Summary
by MITRE • 12/28/2022
https://www.hillstonenet.com.cn/ Hillstone Firewall SG-6000 <= 5.0.4.0 is vulnerable to Incorrect Access Control. There is a permission bypass vulnerability in the Hillstone WEB application firewall. An attacker can enter the background of the firewall with super administrator privileges through a configuration error in report.m.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 04/14/2025
The vulnerability identified as CVE-2022-45778 represents a critical access control flaw in Hillstone Firewall SG-6000 series devices running firmware versions up to and including 5.0.4.0. This issue manifests as a permission bypass vulnerability within the web application firewall component, specifically affecting the report.m module which serves as a critical administrative interface. The flaw allows unauthenticated attackers to escalate their privileges and gain super administrator access to the firewall's management console, fundamentally compromising the device's security posture and potentially providing complete control over network traffic filtering and security policies.
The technical nature of this vulnerability stems from improper access control implementation within the web application layer of the firewall system. The report.m module contains a configuration error that fails to properly validate user permissions and authentication status before granting administrative access. This misconfiguration creates a path where an attacker can manipulate the application's access control mechanisms to bypass normal authentication procedures and assume elevated privileges without proper authorization. The vulnerability aligns with CWE-285, which addresses improper authorization issues in software systems, and represents a classic example of how weak access control validation can lead to privilege escalation attacks.
The operational impact of this vulnerability extends far beyond simple unauthorized access, as it provides attackers with complete administrative control over the firewall's configuration and monitoring capabilities. Once an attacker achieves super administrator privileges, they can modify security policies, create backdoor access points, monitor network traffic, and potentially redirect traffic through malicious proxies. This level of access effectively neutralizes the firewall's protective capabilities and transforms the device from a security asset into a potential attack vector. The implications are particularly severe in network environments where firewalls serve as primary security controls, as this vulnerability could enable attackers to bypass multiple layers of network security and gain access to sensitive internal systems.
Organizations utilizing Hillstone SG-6000 firewalls with affected firmware versions should immediately implement mitigations including firmware updates to the latest available releases, which contain patches addressing the access control flaw. Network segmentation strategies should be employed to limit exposure of these devices to untrusted networks, while monitoring systems should be enhanced to detect anomalous administrative access patterns. The ATT&CK framework categorizes this vulnerability under privilege escalation techniques, specifically noting how misconfigured access controls can be exploited to gain elevated system privileges. Security teams should also consider implementing additional authentication layers and regular access control reviews to prevent unauthorized administrative access, as this vulnerability demonstrates how a single configuration error can completely compromise network security infrastructure.