hypnosec writes "Most of the security appliances in use today, ranging from software-based firewalls to Unified Threat Management (UTM) systems and email and web gateways, are packed with serious security vulnerabilities, it has been revealed. According to Ben Williams of NCC Group, security appliances sold by different vendors and used in production environments are based on Linux with outdated or old kernel versions that are vulnerable to some or other kind of exploits. Presenting the findings at the Black Hat Europe 2013 security conference, Williams revealed that on top of the not-so-properly maintained Linux, even the web applications that provide the front end, aka GUI, for the appliance are insecure. As detailed in his whitepaper, some of the common vulnerabilities found in almost all products were inability to protect against brute-force password cracking attempts; cross-site scripting flaws; cross-site request forgery; command injection vulnerabilities; and privilege escalation."