Firebox Management Privilege Escallation Vulnerability
Advisory ID
WGSA-2021-00004
CVE
CVE-2022-23176
Impact
High
Status
Resolved
Product Family
Firebox
Published Date
Updated Date
Workaround Available
True
CVSS Score
8.8
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access.
WatchGuard believes the sophisticated threat actor Sandworm is exploiting this vulnerability in the wild. Please see our Cyclops Blink FAQ for additional information.
Affected
Fireware OS before 12.7.2_U1, 12.x before 12.1.3_U3, and 12.2.x through 12.5.x before 12.5.7_U3.
Resolution
Fireware OS 12.7.2_U1, 12.5.7_U3, 12.1.3_U3
Workaround
This vulnerability requires network access to management (WSM or the WebUI) on affected devices. Firebox and XTM administrators should follow recommended best practices and restrict management access to trusted networks only.
Advisory Product List
| Product Family | Product Branch | Product List |
|---|---|---|
Firebox
|
Fireware OS 12.x | T20, T25, T40, T45, T55, T70, T80, T85, M270, M290, M370, M390, M470, M570, M590, M670, M690, M440, M4600, M4800, M5600, M5800, Firebox Cloud, Firebox NV5, FireboxV |
Firebox
|
Fireware OS 12.5.x | T15, T35 |