module
WatchGuard XTM Firebox Unauthenticated Remote Command Execution
Disclosed |
---|
Aug 29, 2022 |
Description
This module exploits a buffer overflow in the administration interface (port 8080 or 4117) of WatchGuard Firebox
and XTM appliances. The interface is built on a CherryPy Python backend that sends XML-RPC requests to a C binary
called wgagent, and the module targets the pre-authentication endpoint /agent/login.
This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x
before 12.5.9_U2. Successful exploitation results in remote code execution as the user nobody.
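
A version check for triaging an appliance inventory against the affected ranges above. This is an added example, not part of the module or of any WatchGuard tooling. The branch mapping (12.1 and older fixed at 12.1.3_U8, 12.2 through 12.5 at 12.5.9_U2, anything newer at 12.7.2_U2), the version string format and the host names are assumptions.

```python
import re

# Fixed builds named in the description, as (major, minor, patch, update).
FIXED_12_1 = (12, 1, 3, 8)   # 12.1.3_U8
FIXED_12_5 = (12, 5, 9, 2)   # 12.5.9_U2
FIXED_12_7 = (12, 7, 2, 2)   # 12.7.2_U2

# Assumed format: major.minor[.patch][_U<update>], e.g. "12.5.9_U2".
_VERSION = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:_U(\d+))?$", re.IGNORECASE)

def parse_fireware(version):
    """Turn '12.5.9_U2' into (12, 5, 9, 2); a missing patch or update is 0."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Fireware version: {version!r}")
    return tuple(int(g or 0) for g in m.groups())

def is_affected(version):
    """True if the version is older than the fixed build of its branch."""
    v = parse_fireware(version)
    branch = v[:2]
    if branch <= (12, 1):        # assumption: 12.1 and older -> 12.1.3_U8
        fixed = FIXED_12_1
    elif branch <= (12, 5):      # 12.2.x through 12.5.x -> 12.5.9_U2
        fixed = FIXED_12_5
    else:                        # assumption: everything newer -> 12.7.2_U2
        fixed = FIXED_12_7
    return v < fixed

def triage(inventory):
    """Map host -> 'affected' / 'not affected' / 'unknown' (unparseable)."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "affected" if is_affected(version) else "not affected"
        except ValueError:
            result[host] = "unknown"
    return result

# Constructed sample inventory; host names and versions are illustrative.
SAMPLE_INVENTORY = {
    "fw-branch-01": "12.5.9_U1",
    "fw-branch-02": "12.7.2_U2",
    "fw-hq-01": "12.1.3_U7",
    "fw-lab-01": "Fireware (unknown build)",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Appliances reported as unknown need a manual version check rather than being treated as safe.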
