CVE-2017-8055

Опубликовано: 22 апр. 2017

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier returns different responses for valid and invalid usernames. An attacker could exploit this vulnerability to enumerate valid usernames on an affected Firebox.

Ссылки

http://watchguardsupport.force.com/publicKB?type=KBSecurityIssues&SFDCID=kA62A0000000KlGSAU
Vendor Advisory
https://packetstormsecurity.com/files/142177/watchguardfbxtm-xxeinject.txt
Exploit
Third Party Advisory
VDB Entry
https://www.sidertia.com/Home/Community/Blog/2017/04/17/Fixed-the-Fireware-Vulnerabilities-discovered-by-Sidertia
Exploit
Third Party Advisory
https://www.watchguard.com/support/release-notes/fireware/11/en-US/EN_ReleaseNotes_Fireware_11_12_2/index.html
Release Notes
Vendor Advisory
http://watchguardsupport.force.com/publicKB?type=KBSecurityIssues&SFDCID=kA62A0000000KlGSAU
Vendor Advisory
https://packetstormsecurity.com/files/142177/watchguardfbxtm-xxeinject.txt
Exploit
Third Party Advisory
VDB Entry
https://www.sidertia.com/Home/Community/Blog/2017/04/17/Fixed-the-Fireware-Vulnerabilities-discovered-by-Sidertia
Exploit
Third Party Advisory
https://www.watchguard.com/support/release-notes/fireware/11/en-US/EN_ReleaseNotes_Fireware_11_12_2/index.html
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*

Версия до 11.2.1 (включая)

EPSS

Процентиль: 52%

0.00292

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-203

Связанные уязвимости

GHSA-v893-q2rg-wwfx