WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to retrieve sensitive authentication server settings by sending a malicious request to exposed authentication endpoints. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4.
References
Link | Resource |
---|---|
https://www.ambionics.io/blog/hacking-watchguard-firewalls | Exploit Third Party Advisory |
https://www.openwall.com/lists/oss-security/2022/08/30/2 | Mailing List Third Party Advisory |
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2022-00017 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-09-06T17:54:41
Updated: 2022-09-06T17:54:41
Reserved: 2022-05-27T00:00:00
Link: CVE-2022-31790
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-09-06T18:15:15.440
Modified: 2022-09-10T03:19:58.970
Link: CVE-2022-31790
JSON object: View
Redhat Information
No data.
CWE