Argument Injection Vulnerability in WatchGuard Fireware OS
CVE-2022-31749

6.5MEDIUM

Key Information:

Vendor: Watchguard
Status: Fireware Os
Vendor: CVE Published:; 28 January 2025

Summary

An argument injection vulnerability exists in the diagnose and import pac commands of WatchGuard Fireware OS versions prior to 12.8.1, 12.1.4, and 12.5.10. This flaw allows an authenticated remote attacker with limited privileges to manipulate commands, potentially leading to unauthorized file uploads or reads in restricted locations on WatchGuard Firebox and XTM devices. Addressing this security issue is crucial for protecting sensitive information and ensuring the integrity of these appliances.

Affected Version(s)

Fireware OS 0 < 12.8.1

Fireware OS 12.x < 12.1.4

Fireware OS 12.2.x < 12.5.x

References

https://www.rapid7.com/blog/post/2022/06/23/cve-2022-3174...

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2022-...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 28, 2025

Credit

Jake Baines, Rapid7