
CVE-2013-6021

Published: 19/10/2013 Updated: 27/07/2015
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Buffer overflow in WGagent in WatchGuard WSM and Fireware prior to 11.8 allows remote malicious users to execute arbitrary code via a long sessionid value in a cookie.

Vulnerable Product

watchguard fireware 11.5.1

watchguard fireware 11.4.2

watchguard fireware 11.4

watchguard fireware 11.3.6

watchguard fireware 11.5.3

watchguard fireware 11.3

watchguard fireware 11.1

watchguard fireware

watchguard fireware 11.7.2

watchguard fireware 11.6.6

watchguard fireware 11.2.3

watchguard fireware 11.0.2

Exploits

#!/usr/bin/perl -w
# Exploit Title: WatchGuard Firewall XTM version 11.7.4u1 - Remote buffer overflow exploit ~ sessionid cookie
# Date: Oct 18 2013
# Exploit Author: st3n@funoverip.net (aka jeromenokin@gmail.com)
# Vendor Homepage: www.watchguard.com
# Version: <= 11.7.4u1
# Tested on: XTMv
# CVE : CVE-2013-6021
=header
************ ...
WatchGuard Firewall XTM version 11.7.4u1 suffers from a remote buffer overflow vulnerability in the handling of the sessionid cookie. This is the perl version of the exploit ...
WatchGuard Firewall XTM version 11.7.4u1 suffers from a remote buffer overflow vulnerability in the handling of the sessionid cookie. This is the Metasploit module version of the exploit ...