CVE-2022-25361
https://notcve.org/view.php?id=CVE-2022-25361
WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to delete arbitrary files from a limited set of directories on the system. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. Los dispositivos WatchGuard Firebox y XTM permiten a un atacante remoto no autenticado eliminar archivos arbitrarios de un conjunto limitado de directorios en el sistema. Esta vulnerabilidad afecta a Fireware OS versiones anteriores a 12.7.2_U2, 12.x versiones anteriores a 12.1.3_U8, y 12.2.x hasta 12.5.x anteriores a 12.5.9_U2 • https://watchguard.com https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2022-00004 •
CVE-2022-26318 – WatchGuard Firebox and XTM Appliances Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2022-26318
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. En los dispositivos WatchGuard Firebox y XTM, un usuario no autenticado puede ejecutar código arbitrario, también conocido como FBX-22786. Esta vulnerabilidad afecta a Fireware OS antes de 12.7.2_U2, 12.x antes de 12.1.3_U8, y 12.2.x hasta 12.5.x antes de 12.5.9_U2 On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code. • https://github.com/h3llk4t3/Watchguard-RCE-POC-CVE-2022-26318 https://github.com/BabyTeam1024/CVE-2022-26318 https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_7_2/index.html#Fireware/en-US/resolved_issues.html - •
CVE-2022-25291
https://notcve.org/view.php?id=CVE-2022-25291
An integer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to trigger a heap-based buffer overflow and potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. Un desbordamiento de enteros en los dispositivos WatchGuard Firebox y XTM permite a un atacante remoto autenticado desencadenar un desbordamiento de búfer basado en la pila y potencialmente ejecutar código arbitrario al iniciar una actualización de firmware con una imagen de actualización maliciosa. Esta vulnerabilidad afecta a Fireware OS versiones anteriores a 12.7.2_U2, versiones 12.x anteriores a 12.1.3_U8, y versiones 12.2.x hasta 12.5.x anteriores a 12.5.9_U2 • https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_7_2/index.html#Fireware/en-US/resolved_issues.html • CWE-190: Integer Overflow or Wraparound •
CVE-2022-25290
https://notcve.org/view.php?id=CVE-2022-25290
WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to retrieve certificate private keys. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. Los dispositivos WatchGuard Firebox y XTM permiten a un atacante remoto autenticado con credenciales no privilegiadas recuperar las claves privadas de los certificados. Esta vulnerabilidad afecta a Fireware OS versiones anteriores a 12.7.2_U2, versiones 12.x anteriores a 12.1.3_U8, y versiones 12.2.x hasta 12.5.x anteriores a 12.5.9_U2 • https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_7_2/index.html#Fireware/en-US/resolved_issues.html •
CVE-2022-25363
https://notcve.org/view.php?id=CVE-2022-25363
WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to modify privileged management user credentials. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. Los dispositivos WatchGuard Firebox y XTM permiten a un atacante remoto autenticado con credenciales no privilegiadas modificar las credenciales privilegiadas de los usuarios de administración. Esta vulnerabilidad afecta a Fireware OS versiones anteriores a 12.7.2_U2, versiones 12.x anteriores a 12.1.3_U8 y versiones 12.2.x hasta 12.5.x anteriores a 12.5.9_U2 • https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_7_2/index.html#Fireware/en-US/resolved_issues.html • CWE-787: Out-of-bounds Write •