A critical authentication bypass vulnerability has been identified in the web-based management interface of specific Dasan Switch products. This flaw allows an unauthenticated remote attacker to gain administrative control over the affected network switches by sending a specially crafted cookie, posing a severe risk to network integrity, confidentiality, and availability.

The vulnerability exists within the authentication mechanism of the switch's web interface. An attacker can exploit this flaw by creating and storing a malicious cookie in their web browser before accessing the device's login page. The web server fails to properly validate the session information contained within this crafted cookie, granting the attacker an authenticated session with escalated privileges without requiring a valid username or password.

This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation allows an attacker to gain full administrative control of the network switch, leading to severe business consequences. An attacker could reconfigure the switch to cause a network-wide denial of service, intercept sensitive data traversing the network, or use the compromised device as a pivot point to launch further attacks against the internal network. This poses a direct risk to business operations, data confidentiality, and the overall security posture of the organization.

Immediate Action: Immediately apply the vendor-supplied firmware updates to all affected Dasan Switch devices to patch the vulnerability. After updating, verify that the new firmware version is correctly installed and the device is operating as expected.

Proactive Monitoring: Review web access logs on the Dasan Switch management interface for any unusual or unauthorized successful logins, especially from unexpected IP addresses. Monitor network traffic for anomalous connections to the switch's management port. Implement alerts for any unauthorized configuration changes on the device.

Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:

• Restrict access to the switch's web management interface to a secure, isolated management network.
• Use an access control list (ACL) to permit access only from specific, trusted IP addresses.
• If possible, disable the web-based interface and use a more secure management protocol such as SSH/CLI.

Public Exploit Available: false

Given the critical CVSS score of 9.8, this vulnerability represents a significant and immediate threat to the network infrastructure. Although it is not currently listed on the CISA KEV list, organizations must treat this with the highest priority. We strongly recommend that the firmware on all affected Dasan Switch models be updated immediately. If patching cannot be performed right away, the compensating controls listed above must be implemented without delay to limit the device's exposure.