Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
watchguard fireware vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2020-10532
The AD Helper component in WatchGuard Fireware prior to 5.8.5.10317 allows remote malicious users to discover cleartext passwords via the /domains/list URI.
Watchguard Ad Helper Firmware
5
CVSSv2
CVE-2017-8056
WatchGuard Fireware v11.12.1 and previous versions mishandles requests referring to an XML External Entity (XXE), in the XML-RPC agent. This causes the Firebox wgagent process to crash. This process crash ends all authenticated sessions to the Firebox, including management connec...
Watchguard Fireware
5
CVSSv2
CVE-2017-8055
WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and previous versions returns different responses for valid and invalid usernames. An attacker co...
Watchguard Fireware
4.3
CVSSv2
CVE-2014-6413
A Cross-site Scripting (XSS) vulnerability exists in WatchGuard XTM 11.8.3 via the poll_name parameter in the firewall/policy script.
Watchguard Fireware Xtm 11.8.3
4.3
CVSSv2
CVE-2017-14615
An FBX-5313 issue exists in WatchGuard Fireware prior to 12.0. When a failed login attempt is made to the login endpoint of the XML-RPC interface, if JavaScript code, properly encoded to be consumed by XML parsers, is embedded as value of the user element, the code will be render...
Watchguard Fireware
4.3
CVSSv2
CVE-2014-0338
Multiple cross-site scripting (XSS) vulnerabilities in the firewall policy management pages in WatchGuard Fireware XTM prior to 11.8.3 allow remote malicious users to inject arbitrary web script or HTML via the pol_name parameter.
Watchguard Fireware 11.7
Watchguard Fireware 11.6.6
Watchguard Fireware 11.6.5
Watchguard Fireware 11.6.3
Watchguard Fireware
Watchguard Fireware 11.7.4
Watchguard Fireware 11.7.2
Watchguard Fireware 11.6.1
Watchguard Fireware 11.8
Watchguard Fireware 11.7.3
Watchguard Fireware 11.6
4.3
CVSSv2
CVE-2013-5702
Multiple cross-site scripting (XSS) vulnerabilities in WebCenter in WatchGuard WSM and Fireware prior to 11.8 allow remote malicious users to inject arbitrary web script or HTML via unspecified parameters.
Watchguard Fireware
Watchguard Fireware 11.6.1
Watchguard Fireware 11.7.2
Watchguard Fireware 11.7
Watchguard Fireware 11.6.6
Watchguard Fireware 11.6.5
Watchguard Fireware 11.7.3
Watchguard Fireware 11.6.3
Watchguard Fireware 11.6
Watchguard Watchguard System Manager -
4
CVSSv2
CVE-2022-25363
WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to modify privileged management user credentials. This vulnerability impacts Fireware OS prior to 12.7.2_U2, 12.x prior to 12.1.3_U8, and 12.2.x up to and including 12.5.x p...
Watchguard Fireware
Watchguard Fireware 12.1.3
Watchguard Fireware 12.7.2
Watchguard Fireware 12.5.9
4
CVSSv2
CVE-2022-25290
WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to retrieve certificate private keys. This vulnerability impacts Fireware OS prior to 12.7.2_U2, 12.x prior to 12.1.3_U8, and 12.2.x up to and including 12.5.x prior to 12.5...
Watchguard Fireware
Watchguard Fireware 12.1.3
Watchguard Fireware 12.5.9
Watchguard Fireware 12.7.2
NA
CVE-2022-31791
WatchGuard Firebox and XTM appliances allow a local attacker (that has already obtained shell access) to elevate their privileges and execute code with root permissions. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4.
Watchguard Fireware 12.8.0
Watchguard Fireware 12.7.2
Watchguard Fireware 12.7.1
Watchguard Fireware 12.7.0
Watchguard Fireware 12.6.3
Watchguard Fireware 12.6.4
Watchguard Fireware 12.6.1
Watchguard Fireware
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »