CVSS: 9.8EPSS: 92%CPEs: 13EXPL: 5CVE-2022-26318 – WatchGuard Firebox and XTM Appliances Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2022-26318
04 Mar 2022 — On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. En los dispositivos WatchGuard Firebox y XTM, un usuario no autenticado puede ejecutar código arbitrario, también conocido como FBX-22786. Esta vulnerabilidad afecta a Fireware OS antes de 12.7.2_U2, 12.x antes de 12.1.3_U8, y 12.2.x hasta 12.5.x antes de 12.5.9_U2 On WatchGuard... • https://packetstorm.news/files/id/177855 •
CVSS: 8.8EPSS: 1%CPEs: 15EXPL: 0CVE-2022-25291
https://notcve.org/view.php?id=CVE-2022-25291
24 Feb 2022 — An integer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to trigger a heap-based buffer overflow and potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. Un desbordamiento de enteros en los dispositivos WatchGuard Firebox y XTM permite a un atacante remoto autenticado desencadenar un desbordamient... • https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_7_2/index.html#Fireware/en-US/resolved_issues.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 15EXPL: 0CVE-2022-25290
https://notcve.org/view.php?id=CVE-2022-25290
24 Feb 2022 — WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to retrieve certificate private keys. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. Los dispositivos WatchGuard Firebox y XTM permiten a un atacante remoto autenticado con credenciales no privilegiadas recuperar las claves privadas de los certificados. Esta vulnerabilidad afecta a Fireware OS versiones anteriores a 12.7.2_U2,... • https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_7_2/index.html#Fireware/en-US/resolved_issues.html •
CVSS: 6.5EPSS: 0%CPEs: 15EXPL: 0CVE-2022-25363
https://notcve.org/view.php?id=CVE-2022-25363
24 Feb 2022 — WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to modify privileged management user credentials. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. Los dispositivos WatchGuard Firebox y XTM permiten a un atacante remoto autenticado con credenciales no privilegiadas modificar las credenciales privilegiadas de los usuarios de administración. Esta vulnerabilidad afecta a Fireware... • https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_7_2/index.html#Fireware/en-US/resolved_issues.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 3%CPEs: 15EXPL: 0CVE-2022-25293
https://notcve.org/view.php?id=CVE-2022-25293
24 Feb 2022 — A systemd stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. Un desbordamiento de búfer basado en la pila systemd en los dispositivos WatchGuard Firebox y XTM permite a un atacante remoto autenticado ejecutar potencialmente códi... • https://cwe.mitre.org/data/definitions/121.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 5%CPEs: 15EXPL: 0CVE-2022-25292
https://notcve.org/view.php?id=CVE-2022-25292
24 Feb 2022 — A wgagent stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. Un desbordamiento del búfer basado en la pila wgagent en los dispositivos WatchGuard Firebox y XTM permite a un atacante remoto autenticado ejecutar potencialmente cód... • https://cwe.mitre.org/data/definitions/121.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 15EXPL: 0CVE-2022-25360
https://notcve.org/view.php?id=CVE-2022-25360
24 Feb 2022 — WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to upload files to arbitrary locations. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. Los dispositivos WatchGuard Firebox y XTM permiten a un atacante remoto autenticado con credenciales no privilegiado subir archivos a ubicaciones arbitrarias. Esta vulnerabilidad afecta a Fireware OS versiones anteriores a 12.7.2_U2, version... • https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_7_2/index.html#Fireware/en-US/resolved_issues.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 12%CPEs: 9EXPL: 0CVE-2022-23176 – WatchGuard Firebox and XTM Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-23176
24 Feb 2022 — WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access. This vulnerability impacts Fireware OS before 12.7.2_U1, 12.x before 12.1.3_U3, and 12.2.x through 12.5.x before 12.5.7_U3. Los dispositivos WatchGuard Firebox y XTM permiten que un atacante remoto con credenciales no privilegiadas acceda al sistema con una sesión de gestión privilegiada a través del acceso de gestión expuesto. E... • https://arstechnica.com/information-technology/2022/04/watchguard-failed-to-disclose-critical-flaw-exploited-by-russian-hackers •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2014-6413
https://notcve.org/view.php?id=CVE-2014-6413
07 Feb 2020 — A Cross-site Scripting (XSS) vulnerability exists in WatchGuard XTM 11.8.3 via the poll_name parameter in the firewall/policy script. Se presenta una vulnerabilidad de Cross-site Scripting (XSS) en WatchGuard XTM versión 11.8.3, por medio del parámetro poll_name en el script firewall/policy. • http://seclists.org/fulldisclosure/2014/Sep/70 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2016-6154
https://notcve.org/view.php?id=CVE-2016-6154
23 Aug 2019 — The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect). El applet de autenticación en el sistema operativo Watchguard Fireware 11.11 ha reflejado XSS (esto también puede causar una redirección abierta). • https://www.sec-1.com/blog/2016/sec-1-advisory-reflected-cross-site-scripting-open-redirect-watchguard-fireware-v11-11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •