CVSS: 9.0EPSS: 12%CPEs: 9EXPL: 0CVE-2022-23176 – WatchGuard Firebox and XTM Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-23176
24 Feb 2022 — WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access. This vulnerability impacts Fireware OS before 12.7.2_U1, 12.x before 12.1.3_U3, and 12.2.x through 12.5.x before 12.5.7_U3. Los dispositivos WatchGuard Firebox y XTM permiten que un atacante remoto con credenciales no privilegiadas acceda al sistema con una sesión de gestión privilegiada a través del acceso de gestión expuesto. E... • https://arstechnica.com/information-technology/2022/04/watchguard-failed-to-disclose-critical-flaw-exploited-by-russian-hackers •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-34998 – Panda Security Free Antivirus Unnecessary Privileges Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-34998
29 Nov 2021 — This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Free Antivirus 20.2.0.0. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the use of named pipes. The issue results from allowing an untrusted process to impersonate the client of a pipe. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in t... • https://www.pandasecurity.com/en/support/card?id=100077 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-10532
https://notcve.org/view.php?id=CVE-2020-10532
12 Mar 2020 — The AD Helper component in WatchGuard Fireware before 5.8.5.10317 allows remote attackers to discover cleartext passwords via the /domains/list URI. El componente AD Helper en WatchGuard Fireware versiones anteriores a 5.8.5.10317, permite a atacantes remotos detectar contraseñas de texto sin cifrar por medio del URI /domains/list. • https://www.redteam-pentesting.de/en/advisories/rt-sa-2020-001/-credential-disclosure-in-watchguard-fireware-ad-helper-component • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2014-6413
https://notcve.org/view.php?id=CVE-2014-6413
07 Feb 2020 — A Cross-site Scripting (XSS) vulnerability exists in WatchGuard XTM 11.8.3 via the poll_name parameter in the firewall/policy script. Se presenta una vulnerabilidad de Cross-site Scripting (XSS) en WatchGuard XTM versión 11.8.3, por medio del parámetro poll_name en el script firewall/policy. • http://seclists.org/fulldisclosure/2014/Sep/70 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-18652
https://notcve.org/view.php?id=CVE-2019-18652
07 Jan 2020 — A DOM based XSS vulnerability has been identified on the WatchGuard XMT515 through 12.1.3, allowing a remote attacker to execute JavaScript in the victim's browser by tricking the victim into clicking on a crafted link. The payload was tested in Microsoft Internet Explorer 11.418.18362.0 and Microsoft Edge 44.18362.387.0 (Microsoft EdgeHTML 18.18362). Ha sido identificada una vulnerabilidad de tipo XSS basada en DOM en el WatchGuard XMT515 versiones hasta la versión 12.1.3, permitiendo a un atacante remoto ... • https://gitlab.com/crypt0crc/cve-2019-18652 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2016-6154
https://notcve.org/view.php?id=CVE-2016-6154
23 Aug 2019 — The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect). El applet de autenticación en el sistema operativo Watchguard Fireware 11.11 ha reflejado XSS (esto también puede causar una redirección abierta). • https://www.sec-1.com/blog/2016/sec-1-advisory-reflected-cross-site-scripting-open-redirect-watchguard-fireware-v11-11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 9.0EPSS: 4%CPEs: 8EXPL: 2CVE-2018-10577 – Watchguard AP100 AP102 AP200 1.2.9.15 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-10577
02 May 2018 — An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. File upload functionality allows any users authenticated on the web interface to upload files containing code to the web root, allowing these files to be executed as root. Se ha descubierto un problema en los dispositivos WatchGuard AP100, AP102 y AP200 con firmware en versiones anteriores a la 1.2.9.15 y en los dispositivos AP300 con firmware en versiones ant... • https://packetstorm.news/files/id/147468 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 1CVE-2018-10578 – Watchguard Hard-Coded Credentials / Failed Controls
https://notcve.org/view.php?id=CVE-2018-10578
02 May 2018 — An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. Incorrect validation of the "old password" field in the change password form allows an attacker to bypass validation of this field. Se ha descubierto un problema en los dispositivos WatchGuard AP100, AP102 y AP200 con firmware en versiones anteriores a la 1.2.9.15 y en los dispositivos AP300 con firmware en versiones anteriores a la 2.0.0.10. La validación del... • https://packetstorm.news/files/id/147468 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 11%CPEs: 6EXPL: 2CVE-2018-10575 – Watchguard AP100 AP102 AP200 1.2.9.15 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-10575
30 Apr 2018 — An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Hardcoded credentials exist for an unprivileged SSH account with a shell of /bin/false. Se ha descubierto un problema en los dispositivos WatchGuard AP100, AP102 y AP200 con firmware en versiones anteriores a la 1.2.9.15. Existen credenciales embebidas para una cuenta SSH no privilegiada con un shell de /bin/false. WatchGuard Access Points running firmware before version 1.2.9.15 suffer from hard-coded crede... • https://packetstorm.news/files/id/147468 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 2CVE-2018-10576 – Watchguard AP100 AP102 AP200 1.2.9.15 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-10576
30 Apr 2018 — An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Improper authentication handling by the native Access Point web UI allows authentication using a local system account (instead of the dedicated web-only user). Se ha descubierto un problema en los dispositivos WatchGuard AP100, AP102 y AP200 con firmware en versiones anteriores a la 1.2.9.15. La gestión de autenticación incorrecta por parte de la interfaz web de usuario de Access Point permite la autenticaci... • https://packetstorm.news/files/id/147468 • CWE-287: Improper Authentication •