Summary
| Detail | |||
|---|---|---|---|
| Vendor | Watchguard | First view | 2022-02-24 |
| Product | Fireware | Last view | 2024-07-09 |
| Version | 12.5.12 | Type | Os |
| Update | u1 | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:watchguard:fireware | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.2 | 2024-07-09 | CVE-2024-5974 | A buffer overflow in WatchGuard Fireware OS could may allow an authenticated remote attacker with privileged management access to execute arbitrary code with system privileges on the firewall. This issue affects Fireware OS: from 11.9.6 through 12.10.3. |
| 9.8 | 2022-03-04 | CVE-2022-26318 | On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. |
| 6.5 | 2022-02-24 | CVE-2022-25363 | WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to modify privileged management user credentials. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. |
| 8.8 | 2022-02-24 | CVE-2022-25360 | WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to upload files to arbitrary locations. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. |
| 8.8 | 2022-02-24 | CVE-2022-25293 | A systemd stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. |
| 8.8 | 2022-02-24 | CVE-2022-25292 | A wgagent stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. |
| 8.8 | 2022-02-24 | CVE-2022-25291 | An integer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to trigger a heap-based buffer overflow and potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. |
| 6.5 | 2022-02-24 | CVE-2022-25290 | WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to retrieve certificate private keys. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 50% (3) | CWE-787 | Out-of-bounds Write |
| 16% (1) | CWE-434 | Unrestricted Upload of File with Dangerous Type |
| 16% (1) | CWE-190 | Integer Overflow or Wraparound |
| 16% (1) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
