Vulnerability Details : CVE-2013-6021
Buffer overflow in WGagent in WatchGuard WSM and Fireware before 11.8 allows remote attackers to execute arbitrary code via a long sessionid value in a cookie.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2013-6021
- cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*
- cpe:2.3:o:watchguard:fireware:11.7.2:*:*:*:*:*:*:*
- cpe:2.3:o:watchguard:fireware:11.6.6:*:*:*:*:*:*:*
- cpe:2.3:o:watchguard:fireware:11.5.1:*:*:*:*:*:*:*
- cpe:2.3:o:watchguard:fireware:11.4.2:*:*:*:*:*:*:*
- cpe:2.3:o:watchguard:fireware:11.4:*:*:*:*:*:*:*
- cpe:2.3:o:watchguard:fireware:11.3.6:*:*:*:*:*:*:*
- cpe:2.3:o:watchguard:fireware:11.5.3:*:*:*:*:*:*:*
- cpe:2.3:o:watchguard:fireware:11.3:*:*:*:*:*:*:*
- cpe:2.3:o:watchguard:fireware:11.1:*:*:*:*:*:*:*
- cpe:2.3:o:watchguard:fireware:11.2.3:*:*:*:*:*:*:*
- cpe:2.3:o:watchguard:fireware:11.0.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-6021
28.37%: probability of exploitation activity in the next 30 days
~97%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-6021
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
CWE ids for CVE-2013-6021
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-6021
- https://funoverip.net/2013/10/watchguard-cve-2013-6021-stack-based-buffer-overflow-exploit/
  WatchGuard – CVE-2013-6021 – Stack Based Buffer Overflow Exploit | Fun Over IP (Exploit)
- http://watchguardsecuritycenter.com/2013/10/17/watchguard-dimension-and-fireware-xtm-11-8/
  WatchGuard Dimension and Fireware XTM 11.8 | Secplicity - Security Simplified (Vendor Advisory)
- http://www.securityfocus.com/bid/63227
  Watchguard Extensible Threat Management CVE-2013-6021 Stack Based Buffer Overflow Vulnerability (Exploit)
- http://www.kb.cert.org/vuls/id/233990
  VU#233990 - Watchguard Extensible Threat Management (XTM) appliance version 11.7.4 contains a buffer overflow vulnerability (Patch; US Government Resource)
- http://www.exploit-db.com/exploits/29273
  Watchguard Firewall XTM 11.7.4u1 - Remote Buffer Overflow - Hardware remote Exploit (Exploit)
- http://watchguardsecuritycenter.com/2013/10/17/xtm-11-8-secfixes/
  WatchGuard's XTM 11.8 Software Fixes Buffer Overflow & XSS Vulnerabilities | Secplicity - Security Simplified (Vendor Advisory)