Apache Struts Remote Code Execution Vulnerability (CVE-2023-50164)
Advisory ID
WGSA-2023-00009
CVE
CVE-2023-50164
Impact
Critical
Status
Not Applicable
Product Family
Firebox,
Endpoint,
WatchGuard Cloud,
Dimension,
Other Software,
Secure Wi-Fi
Published Date
Updated Date
Workaround Available
True
CVSS Score
9.8
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
On December 7th, The Apache Software Foundation disclosed a path traversal vulnerability in the Apache Struts library which could lead to attackers gaining remote code execution with a carefully crafted file upload parameter.
Affected
| Product | Affected Version(s) | Note |
|---|---|---|
| Firebox | Not Impacted | The Firebox does not use Apache Struts |
| WatchGuard System Manager | Not Impacted | WSM does not use Apache Struts |
| Dimension | Not Impacted | Dimension does not use Apache Struts |
| WatchGuard Cloud | Not Impacted | WatchGuard Cloud and its components do not use Apache Struts |
| DNSWatch | Not Impacted | DNSWatch does not use Apache Struts |
| Endpoint | Not Impacted | WatchGuard Endpoint products (including AD360 and EPRD) do not use Apache Struts) |
| Cloud Wi-Fi APs | Not Impacted | WatchGuard Cloud-managed Wi-Fi APs do not use Apache Struts |
Advisory Product List
Product Family
Product Branch
Product List
Firebox
XTM 8 Series (2nd Gen)
XTM850,
XTM860,
XTM870,
XTM870-F
Firebox
XTM 1500 and 2520
XTM1520-RP,
XTM1525-RP,
XTM2520
Firebox
Firebox T (2nd Gen)
T15,
T15-W,
T35,
T35-W,
T35-R,
T55,
T55-W,
T70
Firebox
Firebox T (3rd Gen)
T20,
T20-W,
T40,
T40-W,
T80
Firebox
Firebox M (1st Gen)
M200,
M300,
M400,
M440,
M500
Firebox
Firebox M (2nd Gen)
M270,
M370,
M470,
M570,
M670
Firebox
Firebox T (1st Gen)
T10,
T10-W,
T10-D,
T30,
T30-W,
T50,
T50-W
Firebox
Firebox M (3rd Gen)
M290,
M390,
M590,
M690,
M4800,
M5800
Firebox
FireboxV
Small,
Medium,
Large,
XLarge
Firebox
XTMv
Small,
Medium,
Large,
Datacenter
Firebox
Firebox T (4th Gen)
NV5,
T25,
T45,
T85
Firebox
FireboxCloud
Small,
Medium,
Large,
XLarge
Endpoint
Panda Dome
Essential,
Advanced,
Complete,
Premium
Endpoint
Panda AD360
AD360
Endpoint
WatchGuard EPDR
EPP,
EDR,
EPDR
WatchGuard Cloud
WatchGuard Cloud
WatchGuard Cloud
WatchGuard Cloud
DNSWatch
DNSWatch
Dimension
Dimension
Dimension
Other Software
WatchGuard System Manager (WSM)
WSM
Other Software
AuthPoint (iOS)
AuthPoint (iOS)
Other Software
AuthPoint (Android)
AuthPoint (Android)
Other Software
AuthPoint (Windows)
AuthPoint (Windows)
Other Software
AuthPoint (macOS)
AuthPoint (macOS)
Secure Wi-Fi
Wi-Fi 6
AP130,
AP330,
AP430CR,
AP432
Secure Wi-Fi
Wi-Fi 4 & 5
AP322,
AP420,
AP125,
AP225W,
AP325,
AP327X