CVE-2022-40629 is a high-severity vulnerability affecting Tacitine Firewall devices, specifically the EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 models running firmware versions from 19.1.1 through 22.20.1 inclusive. The vulnerability stems from an insecure design in the web-based management interface of the Tacitine Firewall, which allows an unauthenticated remote attacker to send specially crafted HTTP requests to the device. Exploitation of this flaw enables the attacker to gain unauthorized access to sensitive information stored or processed by the firewall without requiring any authentication or user interaction. The vulnerability is classified under CWE-200 (Information Exposure), indicating that confidential data can be disclosed to unauthorized parties. The CVSS v3.1 base score is 7.5, reflecting a high severity due to the ease of exploitation (network attack vector, no privileges or user interaction required) and the high impact on confidentiality. However, the integrity and availability of the device are not affected. No known exploits have been reported in the wild to date, and no official patches or mitigation links have been provided by the vendor at the time of this report. The vulnerability poses a significant risk as firewalls are critical security infrastructure components, and exposure of sensitive information could lead to further targeted attacks or compromise of network security posture.

For European organizations, this vulnerability could have serious consequences. Tacitine Firewalls are often deployed at network perimeters or critical internal segments to enforce security policies and protect sensitive data. Unauthorized disclosure of configuration details, credentials, or network topology information could enable attackers to bypass security controls, escalate privileges, or conduct reconnaissance for subsequent attacks. This is particularly concerning for sectors with stringent data protection requirements such as finance, healthcare, and government institutions within Europe. The exposure of sensitive information could lead to regulatory non-compliance under GDPR, resulting in legal and financial penalties. Additionally, the lack of authentication requirement increases the risk of automated scanning and exploitation attempts from external threat actors. Although no active exploits are known, the public disclosure of this vulnerability increases the likelihood of exploitation attempts, especially against organizations that have not updated or mitigated the risk. The impact is amplified in environments where Tacitine Firewalls are integrated with other security systems or where the firewall’s management interface is accessible from untrusted networks.

Given the absence of official patches, European organizations should implement immediate compensating controls to reduce exposure. First, restrict access to the Tacitine Firewall management interface by enforcing strict network segmentation and firewall rules to allow only trusted administrative hosts to connect. Employ VPNs or secure management channels (e.g., SSH tunnels) to access the interface, eliminating direct exposure to the internet or untrusted networks. Regularly audit and monitor firewall logs for unusual HTTP requests or access patterns indicative of exploitation attempts. Disable or limit web management interface features if possible, or switch to alternative management methods that do not expose vulnerable HTTP endpoints. Organizations should engage with Tacitine support to obtain firmware updates or patches addressing this vulnerability and plan prompt deployment once available. Additionally, conduct internal vulnerability scans and penetration tests to verify that the vulnerability is not exploitable within their environment. Finally, maintain up-to-date asset inventories to identify all affected devices and prioritize remediation efforts accordingly.