Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-31790

WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to retrieve sensitive authentication server settings by sending a malicious request to exposed authentication endpoints. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4.

Published

2022-09-06T18:15:15.440

Last Modified

2024-11-21T07:05:19.793

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	watchguard	fireware	< 12.1.4	Yes
Operating System	watchguard	fireware	< 12.5.10	Yes
Operating System	watchguard	fireware	12.6.1	Yes
Operating System	watchguard	fireware	12.6.1	Yes
Operating System	watchguard	fireware	12.6.3	Yes
Operating System	watchguard	fireware	12.6.4	Yes
Operating System	watchguard	fireware	12.7.0	Yes
Operating System	watchguard	fireware	12.7.1	Yes
Operating System	watchguard	fireware	12.7.2	Yes
Operating System	watchguard	fireware	12.8.0	Yes

References

https://www.ambionics.io/blog/hacking-watchguard-firewalls Exploit, Third Party Advisory ([email protected])
https://www.openwall.com/lists/oss-security/2022/08/30/2 Mailing List, Third Party Advisory ([email protected])
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2022-00017 Vendor Advisory ([email protected])
https://www.ambionics.io/blog/hacking-watchguard-firewalls Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.openwall.com/lists/oss-security/2022/08/30/2 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2022-00017 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)