Remote Management Access Vulnerability in WatchGuard Firebox and XTM Appliances
CVE-2022-23176
Key Information:
- Vendor
Watchguard
- Status
- Vendor
- CVE Published:
- 24 February 2022
Badges
What is CVE-2022-23176?
A security vulnerability exists in WatchGuard Firebox and XTM appliances that enables a remote attacker with unprivileged credentials to gain unauthorized access to the system. This flaw allows the attacker to establish a privileged management session due to exposed management access. Impacted versions of Fireware OS include those prior to 12.7.2_U1, versions 12.x before 12.1.3_U3, and versions from 12.2.x to 12.5.x before 12.5.7_U3.
CISA has reported CVE-2022-23176
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2022-23176 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply updates per vendor instructions.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
EPSS Score
10% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 👾
Exploit known to exist
- 🦅
CISA Reported
- 🟡
Public PoC available
Vulnerability published
Vulnerability Reserved