Advisory ID
WGSA-2022-00008
Published Date
Workaround Available
False
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to upload files to arbitrary locations.
Affected
Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.
Resolution
Fireware OS 12.8, 12.7.2_U2, 12.5.9_U2, 12.1.3_U8
Credits
Internally discovered
Advisory Product List
Product Family
Product Branch
Product List
XTM 8 Series (2nd Gen)
XTM850,
XTM860,
XTM870,
XTM870-F
XTM 1500 and 2520
XTM1520-RP,
XTM1525-RP,
XTM2520
Firebox T (1st Gen)
T10,
T10-W,
T10-D,
T30,
T30-W,
T50,
T50-W
Firebox T (3rd Gen)
T20,
T20-W,
T40,
T40-W,
T80
Firebox M (1st Gen)
M200,
M300,
M400,
M440,
M500
Firebox M (2nd Gen)
M270,
M370,
M470,
M570,
M670
Firebox M (3rd Gen)
M290,
M390,
M590,
M690,
M4800,
M5800
XTMv
Small,
Medium,
Large,
Datacenter
FireboxV
Small,
Medium,
Large,
XLarge
Firebox T (2nd Gen)
T15,
T15-W,
T35,
T35-W,
T35-R,
T55,
T55-W,
T70
FireboxCloud
Small,
Medium,
Large,
XLarge