CVE-2022-31790 - OpenCVE

WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to retrieve sensitive authentication server settings by sending a malicious request to exposed authentication endpoints. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Watchguard	Fireware

Configuration 1 [-]

OR	cpe:2.3:o:watchguard:fireware::::::::
	cpe:2.3:o:watchguard:fireware::::::::
	cpe:2.3:o:watchguard:fireware:12.6.1:u1::::::
	cpe:2.3:o:watchguard:fireware:12.6.1:u3::::::
	cpe:2.3:o:watchguard:fireware:12.6.3:::::::*
	cpe:2.3:o:watchguard:fireware:12.6.4:::::::*
	cpe:2.3:o:watchguard:fireware:12.7.0:u1::::::
	cpe:2.3:o:watchguard:fireware:12.7.1:::::::*
	cpe:2.3:o:watchguard:fireware:12.7.2:u2::::::
	cpe:2.3:o:watchguard:fireware:12.8.0:u1::::::

References

Link	Resource
https://www.ambionics.io/blog/hacking-watchguard-firewalls	Exploit Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/08/30/2	Mailing List Third Party Advisory
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2022-00017	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-09-06T17:54:41

Updated: 2022-09-06T17:54:41

Reserved: 2022-05-27T00:00:00

Link: CVE-2022-31790

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-09-06T18:15:15.440

Modified: 2022-09-10T03:19:58.970

Link: CVE-2022-31790

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to retrieve sensitive authentication server settings by sending a malicious request to exposed authentication endpoints. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-09-06T17:54:41", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2022-00017"}, {"tags": ["x_refsource_MISC"], "url": "https://www.openwall.com/lists/oss-security/2022/08/30/2"}, {"tags": ["x_refsource_MISC"], "url": "https://www.ambionics.io/blog/hacking-watchguard-firewalls"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-31790", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to retrieve sensitive authentication server settings by sending a malicious request to exposed authentication endpoints. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2022-00017", "refsource": "MISC", "url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2022-00017"}, {"name": "https://www.openwall.com/lists/oss-security/2022/08/30/2", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2022/08/30/2"}, {"name": "https://www.ambionics.io/blog/hacking-watchguard-firewalls", "refsource": "MISC", "url": "https://www.ambionics.io/blog/hacking-watchguard-firewalls"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-31790", "datePublished": "2022-09-06T17:54:41", "dateReserved": "2022-05-27T00:00:00", "dateUpdated": "2022-09-06T17:54:41", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*", "matchCriteriaId": "50E35898-20FC-4D3E-B059-EDFEEB2E19F3", "versionEndExcluding": "12.1.4", "versionStartIncluding": "12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*", "matchCriteriaId": "58A5359B-EC12-4C13-B9CC-EE1B49DB67AE", "versionEndExcluding": "12.5.10", "versionStartIncluding": "12.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:watchguard:fireware:12.6.1:u1:*:*:*:*:*:*", "matchCriteriaId": "2EDC1E95-9077-423E-90F4-928068CA6D74", "vulnerable": true}, {"criteria": "cpe:2.3:o:watchguard:fireware:12.6.1:u3:*:*:*:*:*:*", "matchCriteriaId": "C557A092-41F2-4325-884C-B4C03E196A56", "vulnerable": true}, {"criteria": "cpe:2.3:o:watchguard:fireware:12.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "41CE5E56-7E6E-48ED-A619-06BE1DAAABD2", "vulnerable": true}, {"criteria": "cpe:2.3:o:watchguard:fireware:12.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "299FC710-1AA1-4D3F-B902-231114B75B94", "vulnerable": true}, {"criteria": "cpe:2.3:o:watchguard:fireware:12.7.0:u1:*:*:*:*:*:*", "matchCriteriaId": "45C56536-625E-4E5A-B77A-CF33CEEBC91D", "vulnerable": true}, {"criteria": "cpe:2.3:o:watchguard:fireware:12.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "002B43DA-5A94-495D-8736-2FC5997155F9", "vulnerable": true}, {"criteria": "cpe:2.3:o:watchguard:fireware:12.7.2:u2:*:*:*:*:*:*", "matchCriteriaId": "4B189948-8037-4CB1-A859-0CCB5D9576F8", "vulnerable": true}, {"criteria": "cpe:2.3:o:watchguard:fireware:12.8.0:u1:*:*:*:*:*:*", "matchCriteriaId": "350B4BC0-B366-468B-93BF-366CA72EE5EC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to retrieve sensitive authentication server settings by sending a malicious request to exposed authentication endpoints. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4."}, {"lang": "es", "value": "Los dispositivos WatchGuard Firebox y XTM permiten a un atacante remoto no autenticado recuperar configuraciones confidenciales del servidor de autenticaci\u00f3n mediante el env\u00edo de una petici\u00f3n maliciosa a los endpoints de autenticaci\u00f3n expuestos. Esto ha sido corregido en Fireware OS versiones 12.8.1, 12.5.10 y 12.1.4.\n"}], "id": "CVE-2022-31790", "lastModified": "2022-09-10T03:19:58.970", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-06T18:15:15.440", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.ambionics.io/blog/hacking-watchguard-firewalls"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2022/08/30/2"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2022-00017"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}