Radware Says Recently Disclosed WAF Bypasses Were Patched in 2023

Radware has confirmed that the Cloud Web Application Firewall vulnerabilities disclosed in 2024 were addressed in 2023. Although Radware did not initially acknowledge the disclosure, it says both issues were fixed shortly after they were reported: one immediately and the other through a global signature update.
Affected: Radware Cloud WAF and its customers

Keypoints

  • Vulnerabilities CVE-2024-56523 and CVE-2024-56524 in Radware’s Cloud WAF were disclosed in an advisory from CERT/CC.
  • Threat actors could have exploited these flaws via filter bypass techniques using crafted HTTP requests.
  • Radware clarified that both issues were addressed in 2023, with one resolved immediately and the other via a global signature update.
  • Initial disclosure was not acknowledged by Radware, and the company did not respond to early inquiries from SecurityWeek.
  • The vulnerabilities involved bypass methods like adding random data or special characters in HTTP requests.
  • Researcher Oriol Gegundez reported the issues, which Radware appreciated as responsible disclosure.
  • Radware committed to continuously improving security and provided configuration guidelines to affected customers upon request.

Read More: https://www.securityweek.com/radware-says-recently-disclosed-waf-bypasses-were-patched-in-2023/