CVE-2017-14616

Опубликовано: 20 сент. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 7.8

EPSS Низкий

Описание

An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0. If a login attempt is made in the XML-RPC interface with an XML message containing an empty member element, the wgagent crashes, logging out any user with a session opened in the UI. By continuously executing the failed login attempts, UI management of the device becomes impossible.

Ссылки

http://www.securityfocus.com/archive/1/540427
Third Party Advisory
VDB Entry
https://www.sidertia.com/Home/Community/Blog/2017/09/18/Fixed-Fireware-XXE-DOS-and-stored-XSS-vulnerabilities-discovered-by-Sidertia
Exploit
Third Party Advisory
http://www.securityfocus.com/archive/1/540427
Third Party Advisory
VDB Entry
https://www.sidertia.com/Home/Community/Blog/2017/09/18/Fixed-Fireware-XXE-DOS-and-stored-XSS-vulnerabilities-discovered-by-Sidertia
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*

Версия до 11.12.4 (включая)

EPSS

Процентиль: 74%

0.00826

Низкий

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-400

Связанные уязвимости

GHSA-2qcw-856x-wxvp