CVSS: 10.0EPSS: 7%CPEs: 10EXPL: 0CVE-2022-31789
https://notcve.org/view.php?id=CVE-2022-31789
06 Sep 2022 — An integer overflow in WatchGuard Firebox and XTM appliances allows an unauthenticated remote attacker to trigger a buffer overflow and potentially execute arbitrary code by sending a malicious request to exposed management ports. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4. Un desbordamiento de enteros en los dispositivos WatchGuard Firebox y XTM permite a un atacante remoto no autenticado desencadenar un desbordamiento de búfer y potencialmente ejecutar código arbitrario enviando una petición... • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2022-00015 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 1CVE-2022-31790
https://notcve.org/view.php?id=CVE-2022-31790
06 Sep 2022 — WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to retrieve sensitive authentication server settings by sending a malicious request to exposed authentication endpoints. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4. Los dispositivos WatchGuard Firebox y XTM permiten a un atacante remoto no autenticado recuperar configuraciones confidenciales del servidor de autenticación mediante el envío de una petición maliciosa a los endpoints de autenticación expuestos. Esto ha ... • https://www.ambionics.io/blog/hacking-watchguard-firewalls •
CVSS: 9.1EPSS: 1%CPEs: 60EXPL: 0CVE-2022-25361
https://notcve.org/view.php?id=CVE-2022-25361
07 Jun 2022 — WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to delete arbitrary files from a limited set of directories on the system. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. Los dispositivos WatchGuard Firebox y XTM permiten a un atacante remoto no autenticado eliminar archivos arbitrarios de un conjunto limitado de directorios en el sistema. Esta vulnerabilidad afecta a Fireware OS versiones anteriores a... • https://watchguard.com •
CVSS: 9.8EPSS: 92%CPEs: 13EXPL: 5CVE-2022-26318 – WatchGuard Firebox and XTM Appliances Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2022-26318
04 Mar 2022 — On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. En los dispositivos WatchGuard Firebox y XTM, un usuario no autenticado puede ejecutar código arbitrario, también conocido como FBX-22786. Esta vulnerabilidad afecta a Fireware OS antes de 12.7.2_U2, 12.x antes de 12.1.3_U8, y 12.2.x hasta 12.5.x antes de 12.5.9_U2 On WatchGuard... • https://packetstorm.news/files/id/177855 •
CVSS: 8.8EPSS: 4%CPEs: 15EXPL: 0CVE-2022-25291
https://notcve.org/view.php?id=CVE-2022-25291
24 Feb 2022 — An integer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to trigger a heap-based buffer overflow and potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. Un desbordamiento de enteros en los dispositivos WatchGuard Firebox y XTM permite a un atacante remoto autenticado desencadenar un desbordamient... • https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_7_2/index.html#Fireware/en-US/resolved_issues.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 15EXPL: 0CVE-2022-25290
https://notcve.org/view.php?id=CVE-2022-25290
24 Feb 2022 — WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to retrieve certificate private keys. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. Los dispositivos WatchGuard Firebox y XTM permiten a un atacante remoto autenticado con credenciales no privilegiadas recuperar las claves privadas de los certificados. Esta vulnerabilidad afecta a Fireware OS versiones anteriores a 12.7.2_U2,... • https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_7_2/index.html#Fireware/en-US/resolved_issues.html •
CVSS: 6.5EPSS: 0%CPEs: 15EXPL: 0CVE-2022-25363
https://notcve.org/view.php?id=CVE-2022-25363
24 Feb 2022 — WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to modify privileged management user credentials. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. Los dispositivos WatchGuard Firebox y XTM permiten a un atacante remoto autenticado con credenciales no privilegiadas modificar las credenciales privilegiadas de los usuarios de administración. Esta vulnerabilidad afecta a Fireware... • https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_7_2/index.html#Fireware/en-US/resolved_issues.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 3%CPEs: 15EXPL: 0CVE-2022-25293
https://notcve.org/view.php?id=CVE-2022-25293
24 Feb 2022 — A systemd stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. Un desbordamiento de búfer basado en la pila systemd en los dispositivos WatchGuard Firebox y XTM permite a un atacante remoto autenticado ejecutar potencialmente códi... • https://cwe.mitre.org/data/definitions/121.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 4%CPEs: 15EXPL: 0CVE-2022-25292
https://notcve.org/view.php?id=CVE-2022-25292
24 Feb 2022 — A wgagent stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. Un desbordamiento del búfer basado en la pila wgagent en los dispositivos WatchGuard Firebox y XTM permite a un atacante remoto autenticado ejecutar potencialmente cód... • https://cwe.mitre.org/data/definitions/121.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 15EXPL: 0CVE-2022-25360
https://notcve.org/view.php?id=CVE-2022-25360
24 Feb 2022 — WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to upload files to arbitrary locations. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. Los dispositivos WatchGuard Firebox y XTM permiten a un atacante remoto autenticado con credenciales no privilegiado subir archivos a ubicaciones arbitrarias. Esta vulnerabilidad afecta a Fireware OS versiones anteriores a 12.7.2_U2, version... • https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_7_2/index.html#Fireware/en-US/resolved_issues.html • CWE-434: Unrestricted Upload of File with Dangerous Type •