Williams analyzed different types of appliances from some of the leading security vendors, including Symantec, Sophos, Trend Micro, Cisco, Barracuda, McAfee and Citrix, and said that over 80 percent of them contained serious vulnerabilities that were relatively easy to find.
One of the examples Williams presented during his talk at Black Hat Europe, and covered in more detail in a white paper released later, involved multiple vulnerabilities he found in the Sophos Email Appliance last year.
"The Sophos Email Appliance (v184.108.40.206) had multiple vulnerabilities which in combination could allow the system to be fully compromised, giving an attacker both administrative access to the UI, and a root shell on the underlying operating system," Williams said in the paper. "These included various instances of command injection, XSS with session-hijacking, CSRF, session-fixation, etc."
Sophos addressed those flaws in January 2013, along with other issues discovered during its own security review of the product. Williams commended Sophos for the auto-update feature built into its appliances, which he said is not the norm in products from other vendors.