Vulnerabilities > Watchguard

DATE | CVE | VULNERABILITY TITLE | RISK

2022-03-04 | CVE-2022-26318 | Unspecified vulnerability in Watchguard Fireware 12.1.3/12.5.9/12.7.2 | 7.5
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786.
network, low complexity, watchguard

2022-02-24 | CVE-2022-23176 | Improper Privilege Management vulnerability in Watchguard Fireware 12.1.3/12.5.7/12.7.2 | critical 9.0
WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access.
network, low complexity, watchguard, CWE-269

2022-02-24 | CVE-2022-25290 | Unspecified vulnerability in Watchguard Fireware 12.1.3/12.5.9/12.7.2 | 4.0
WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to retrieve certificate private keys.
network, low complexity, watchguard

2022-02-24 | CVE-2022-25291 | Integer Overflow or Wraparound vulnerability in Watchguard Fireware 12.1.3/12.5.9/12.7.2 | 6.5
An integer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to trigger a heap-based buffer overflow and potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image.
network, low complexity, watchguard, CWE-190

2022-02-24 | CVE-2022-25292 | Out-of-bounds Write vulnerability in Watchguard Fireware 12.1.3/12.5.9/12.7.2 | 6.5
A wgagent stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image.
network, low complexity, watchguard, CWE-787

2022-02-24 | CVE-2022-25293 | Out-of-bounds Write vulnerability in Watchguard Fireware 12.1.3/12.5.9/12.7.2 | 6.5
A systemd stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image.
network, low complexity, watchguard, CWE-787

2022-02-24 | CVE-2022-25360 | Unrestricted Upload of File with Dangerous Type vulnerability in Watchguard Fireware 12.1.3/12.5.9/12.7.2 | 6.5
WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to upload files to arbitrary locations.
network, low complexity, watchguard, CWE-434

2022-02-24 | CVE-2022-25363 | Incorrect Permission Assignment for Critical Resource vulnerability in Watchguard Fireware 12.1.3/12.5.9/12.7.2 | 4.0
WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to modify privileged management user credentials.
network, low complexity, watchguard, CWE-732

2022-01-13 | CVE-2021-34998 | Improper Privilege Management vulnerability in Watchguard Panda Antivirus 18.0 | 7.2
This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Free Antivirus 20.2.0.0.
local, low complexity, watchguard, CWE-269

2020-03-12 | CVE-2020-10532 | Cleartext Storage of Sensitive Information vulnerability in Watchguard AD Helper Firmware | 5.0
The AD Helper component in WatchGuard Fireware before 5.8.5.10317 allows remote attackers to discover cleartext passwords via the /domains/list URI.
network, low complexity, watchguard, CWE-312