CVE-2017-14616

{"id": "CVE-2017-14616", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2017-09-20T20:29:00.260", "references": [{"url": "http://www.securityfocus.com/archive/1/540427", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://www.sidertia.com/Home/Community/Blog/2017/09/18/Fixed-Fireware-XXE-DOS-and-stored-XSS-vulnerabilities-discovered-by-Sidertia", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0. If a login attempt is made in the XML-RPC interface with an XML message containing an empty member element, the wgagent crashes, logging out any user with a session opened in the UI. By continuously executing the failed login attempts, UI management of the device becomes impossible."}, {"lang": "es", "value": "Se ha descubierto un problema FBX-5312 en WatchGuard Fireware en versiones anteriores a la 12.0. Si se intenta iniciar sesi\u00f3n en la interfaz XML-RPC con un mensaje XML que contiene un elemento de miembro vac\u00edo, se produce el cierre inesperado de wgagent, cerrando la sesi\u00f3n de cualquier usuario con sesi\u00f3n iniciada en la interfaz de usuario. Si se ejecuta continuamente el intento fallido de inicio de sesi\u00f3n, la gesti\u00f3n de la interfaz de usuario del dispositivo se volver\u00e1 imposible."}], "lastModified": "2017-10-04T17:16:48.527", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B6786D7-D193-4D19-9536-02F1F813EFEA", "versionEndIncluding": "11.12.4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}