Firewall vendors in 2024

Fortinet, Palo, Checkpoint, Cisco, Sonicwall ... is there any big firewall vendor that didn't have any critical vulnerabilities last year?

17 comments

Obsolete binaries not updated for years, hardcoded secrets… this is what you get in firewalls like any other piece of black box equipment.
- Security by obscurity may work in delaying exploits, but once someone breaks the obscurity, they have a headstart on exploiting it over those hoping to fix it.
  
  Security by old software, or how I call it: the ivanti approach
- And every service runs as root. This enables the CRL webserver to download /etc/shadow ...
  
  Or user sessions persist on the filesystem so a glitch on the captive portal’s web server allow you to get clear text username and password for currently connected vpn sessions …
- Yep. Closed source is for the software that no one would ever buy if they could read it.
Mikrotik & pfSense?
- sounds correct
- pfsense technically shared the ssh server one i thought
  
  The last time I installed pfsense Ssh was disabled by default.
- firewalla?
- Makes me glad I went with MikroTik for my home network.
No. And if there are any that say they didn't I don't believe them.
Did nftables or ebpf have any critical zero days last year?
- AFAIK not. This meme is targeted at commercial firewall appliances, that often have VPN/IPS/authentication and many other features that are exploited regularly.

17 comments