CVE-2023-50969: Critical Flaw in Imperva SecureSphere WAF Could Lead to Devastating Breaches

A newly discovered vulnerability in Imperva SecureSphere, a widely used on-premises Web Application Firewall (WAF), has the potential to expose organizations to devastating security breaches. The flaw, designated CVE-2023-50969 with a critical CVSS score of 9.8, could allow attackers to bypass security rules designed to prevent common web attacks like SQL injection and cross-site scripting.

The Flaw

Image: Hoyahaxa

Security researcher HoyaHaxa has revealed technical details of the vulnerability, demonstrating how a malicious actor could exploit it. By manipulating the “Content-Encoding” headers in HTTP requests and sending specifically encoded POST data, attackers can effectively slip malicious payloads past the WAF’s defenses. Successful exploitation would enable attackers to target vulnerabilities within applications that the WAF was supposed to protect.

Who’s Affected?

Imperva has confirmed that the CVE-2023-50969 vulnerability affects specific versions of SecureSphere WAF. Organizations with the following setup are at risk:

  • Imperva SecureSphere WAF v14.7.0.40.
  • Any version of Imperva SecureSphere without the Application Defense Center (ADC) update that was released on February 26, 2024.

Imperva Cloud WAF customers are not affected.

What You Should Do

If your organization uses Imperva SecureSphere WAF, it’s imperative to act immediately:

  1. Patch: Apply the ADC rule update released by Imperva on February 26, 2024. Imperva customers can find detailed instructions in the official documentation on the Imperva Support Portal.
  2. Review Security: Conduct a thorough audit of your web applications, paying close attention to any known vulnerabilities that were previously protected by the WAF. Consider additional security measures such as vulnerability scanning and penetration testing to strengthen your defenses.
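Because the bypass described above turns on the Content-Encoding header of POST requests, one concrete outcome of the "Review Security" step is defense in depth at the application itself: an origin that only accepts request bodies in encodings it actually decodes, bounds the decoded size, and refuses anything else with HTTP 415, so that a body the WAF failed to inspect is not silently processed. The following is an added example, not code from Imperva, from HoyaHaxa's write-up, or from any product; the encoding allowlist, the WSGI wrapper, and the JSON-style log records used for the audit pass are all assumptions chosen for illustration.

```python
"""Defense-in-depth handling of request Content-Encoding (added example).

A WAF is one inspection layer. The application behind it should decode only
the request encodings it supports, cap the decoded size, and reject the rest,
so a request that slipped past the WAF is still handled safely. Allowlist,
WSGI guard and log-record shape below are assumptions for this example.
"""
import gzip
import zlib

# Assumed allowlist: this application decodes gzip and accepts identity only.
ALLOWED_REQUEST_ENCODINGS = {"identity", "gzip"}
BODY_BEARING_METHODS = {"POST", "PUT", "PATCH"}


def normalize_encodings(header_value):
    """Split a Content-Encoding value into lowercase tokens, in the order applied."""
    if not header_value:
        return []
    return [t.strip().lower() for t in header_value.split(",") if t.strip()]


def encoding_is_acceptable(header_value):
    """True when every listed encoding is one the application knows how to decode."""
    return all(t in ALLOWED_REQUEST_ENCODINGS for t in normalize_encodings(header_value))


def decode_body(body, header_value, max_size=1_000_000):
    """Decode a request body per Content-Encoding, or raise ValueError.

    Rejects unsupported encodings, truncated/malformed streams and bodies whose
    decoded size would exceed max_size (decompression-bomb protection).
    """
    tokens = normalize_encodings(header_value)
    if not all(t in ALLOWED_REQUEST_ENCODINGS for t in tokens):
        raise ValueError("unsupported Content-Encoding: %s" % header_value)
    for token in reversed(tokens):  # last-applied encoding is removed first
        if token == "identity":
            continue
        # 16 + MAX_WBITS selects gzip framing; ask for one byte over the cap
        # so exceeding it is detectable without false positives at the boundary.
        d = zlib.decompressobj(16 + zlib.MAX_WBITS)
        out = d.decompress(body, max_size + 1)
        if len(out) > max_size:
            raise ValueError("decoded body exceeds %d bytes" % max_size)
        if not d.eof:
            raise ValueError("truncated or malformed gzip body")
        body = out
    return body


class ContentEncodingGuard:
    """WSGI middleware: answer 415 to bodies in encodings the app does not decode."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        header = environ.get("HTTP_CONTENT_ENCODING", "")
        if environ.get("REQUEST_METHOD") in BODY_BEARING_METHODS and not encoding_is_acceptable(header):
            start_response("415 Unsupported Media Type", [("Content-Type", "text/plain")])
            return [b"unsupported Content-Encoding\n"]
        return self.app(environ, start_response)


def run_guard(method, content_encoding):
    """Drive the guard around a trivial app and return the status line it emitted."""
    def inner_app(environ, start_response):
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"ok\n"]

    seen = {}

    def start_response(status, headers):
        seen["status"] = status

    environ = {"REQUEST_METHOD": method, "HTTP_CONTENT_ENCODING": content_encoding}
    list(ContentEncodingGuard(inner_app)(environ, start_response))
    return seen["status"]


# Constructed log records (not real traffic) in an assumed one-record-per-dict shape.
SAMPLE_ACCESS_LOG = [
    {"method": "POST", "path": "/login", "content_encoding": "", "status": 200},
    {"method": "POST", "path": "/search", "content_encoding": "gzip", "status": 200},
    {"method": "POST", "path": "/api/items", "content_encoding": "br", "status": 200},
    {"method": "GET", "path": "/", "content_encoding": "", "status": 200},
]


def flag_unexpected_encodings(records):
    """Audit pass: body-bearing requests whose encoding is outside the allowlist."""
    return [
        r for r in records
        if r["method"] in BODY_BEARING_METHODS and not encoding_is_acceptable(r["content_encoding"])
    ]


if __name__ == "__main__":
    print(decode_body(gzip.compress(b"q=hello"), "gzip"))
    print(run_guard("POST", "br"))
    for rec in flag_unexpected_encodings(SAMPLE_ACCESS_LOG):
        print("review:", rec["method"], rec["path"], rec["content_encoding"])
```

The guard is intentionally strict: a request whose encoding the application cannot decode has no legitimate reason to reach it, and a 415 response costs nothing, whereas passing an undecoded body on to input validation is exactly the situation a WAF bypass exploits. The audit function is the same rule applied retrospectively to access logs, which is a cheap first pass when reviewing what reached the origin while the WAF rules were stale.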

The Bigger Picture

This vulnerability highlights the crucial role of Web Application Firewalls in safeguarding organizations against cyberattacks. It also serves as a stark reminder that no security solution is infallible. Regular patching and continuous security assessments are essential to keep your digital assets safe.