Vulnerabilities > CVE-2022-31790 - Unspecified vulnerability in Watchguard Fireware
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to retrieve sensitive authentication server settings by sending a malicious request to exposed authentication endpoints. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4.
Vulnerable Configurations
References
- https://www.ambionics.io/blog/hacking-watchguard-firewalls
- https://www.ambionics.io/blog/hacking-watchguard-firewalls
- https://www.openwall.com/lists/oss-security/2022/08/30/2
- https://www.openwall.com/lists/oss-security/2022/08/30/2
- https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2022-00017
- https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2022-00017