Buffer Overflow in WatchGuard Fireware OS Could Allow Arbitrary Code Execution
CVE-2024-5974

7.2HIGH

Key Information:

Vendor: Watchguard
Status: Fireware Os
Vendor: CVE Published:; 9 July 2024

What is CVE-2024-5974?

A buffer overflow vulnerability found in WatchGuard's Fireware OS allows an authenticated remote attacker with privileged management access to potentially execute arbitrary code with system privileges. This flaw affects numerous versions of the Fireware OS ranging from 11.9.6 through 12.10.3, posing significant risks to the security framework of any deployed firewall. Organizations using these versions should prioritize applying available patches and updates to mitigate potential exploitation of this vulnerability.

Affected Version(s)

Fireware OS 11.9.6 <= 12.5.12+687697

Fireware OS 12.6.0 <= 12.10.3

References

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 9, 2024
Vulnerability Reserved
Jun 13, 2024

Watchguard

What is CVE-2024-5974?

Affected Version(s)

References

CVSS V3.1

Timeline