Firebox Authenticated Stack Overflow Vulnerability va CLI Interface

Advisory ID

WGSA-2022-00016

CVE

CVE-2022-25362

Impact

Critical

Status

Resolved

Product Family

Firebox

Published Date

2022-06-23

Updated Date

2022-06-17

Workaround Available

False

CVSS Score

8.8

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

A Stack-based overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image from the command line interface.

Affected

Fireware OS before 12.8, 12.x before 12.1.4, and 12.2.x through 12.5.x before 12.5.10.

Resolution

Fireware OS 12.8, 12.5.10, 12.1.4

Advisory Product List

Product Family	Product Branch	Product List
Firebox	Fireware OS 12.x	T20, T25, T40, T45, T55, T70, T80, T85, M270, M290, M370, M390, M470, M570, M590, M670, M690, M440, M4600, M4800, M5600, M5800, Firebox Cloud, Firebox NV5, FireboxV
Firebox	Fireware OS 12.5.x	T15, T35

Advisory List

Go to