Stack-Based Buffer Overflow Vulnerability in WatchGuard Firebox and XTM Appliances
CVE-2022-25293

8.8HIGH

Key Information:

Vendor: Watchguard
Status: Fireware
Vendor: CVE Published:; 24 February 2022

What is CVE-2022-25293?

A stack-based buffer overflow vulnerability exists in the systemd component of WatchGuard Firebox and XTM appliances. This flaw can be exploited by an authenticated remote attacker who initiates a firmware update using a malicious image. If successfully exploited, it could allow the attacker to execute arbitrary code on the affected device. The vulnerability impacts several versions of Fireware OS, making it crucial for users to apply the necessary updates to ensure their systems are protected.

References

https://cwe.mitre.org/data/definitions/121.html

x_refsource_MISC

https://www.watchguard.com/support/release-notes/fireware...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 24, 2022
Vulnerability Reserved
Feb 16, 2022

Watchguard

What is CVE-2022-25293?

References

CVSS V3.1

Timeline