WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to retrieve sensitive authentication server settings by sending a malicious request to exposed authentication endpoints. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4.
References
| Link | Resource |
|---|---|
| https://www.ambionics.io/blog/hacking-watchguard-firewalls | Exploit Third Party Advisory |
| https://www.openwall.com/lists/oss-security/2022/08/30/2 | Mailing List Third Party Advisory |
| https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2022-00017 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
10 Sep 2022, 03:19
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
| CWE | NVD-CWE-noinfo | |
| CPE | cpe:2.3:o:watchguard:fireware:12.8.0:u1:*:*:*:*:*:* cpe:2.3:o:watchguard:fireware:12.6.1:u3:*:*:*:*:*:* cpe:2.3:o:watchguard:fireware:12.7.2:u2:*:*:*:*:*:* cpe:2.3:o:watchguard:fireware:12.6.3:*:*:*:*:*:*:* cpe:2.3:o:watchguard:fireware:12.7.1:*:*:*:*:*:*:* cpe:2.3:o:watchguard:fireware:12.7.0:u1:*:*:*:*:*:* cpe:2.3:o:watchguard:fireware:12.6.1:u1:*:*:*:*:*:* cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:* cpe:2.3:o:watchguard:fireware:12.6.4:*:*:*:*:*:*:* |
|
| References | (MISC) https://www.ambionics.io/blog/hacking-watchguard-firewalls - Exploit, Third Party Advisory | |
| References | (MISC) https://www.openwall.com/lists/oss-security/2022/08/30/2 - Mailing List, Third Party Advisory | |
| References | (MISC) https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2022-00017 - Vendor Advisory |
06 Sep 2022, 18:50
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-09-06 18:15
Updated : 2024-02-04 22:51
NVD link : CVE-2022-31790
Mitre link : CVE-2022-31790
CVE.ORG link : CVE-2022-31790
JSON object : View
Products Affected
watchguard
- fireware
CWE