XML External Entity Vulnerability in WatchGuard Fireware Software
CVE-2017-8056

5.3MEDIUM

Key Information:

Vendor
Watchguard
Status
Fireware
Vendor
CVE Published:
22 April 2017

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 16%

Summary

An XML External Entity (XXE) vulnerability exists in the WatchGuard Fireware software, specifically in the XML-RPC agent. This flaw results in the wgagent process crashing when it mishandles requests that reference external entities. Such crashes terminate all authenticated sessions, including management connections, and block new authenticated sessions until the process restarts. Furthermore, during recovery, the Firebox may suffer from performance degradation. Attackers can exploit this vulnerability by continuously sending crafted XML-RPC requests, enabling them to execute a limited Denial of Service (DoS) attack against affected systems.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2017-8056
Created by itzexploit

References

https://www.sidertia.com/Home/Community/Blog/2017/04/17/F...
x_refsource_MISC
https://packetstormsecurity.com/files/142177/watchguardfb...
x_refsource_MISC
https://www.watchguard.com/support/release-notes/fireware...
x_refsource_MISC

EPSS Score

16% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability Reserved

  • Vulnerability published

.