Vulnerability Details : CVE-2022-26318
Public exploit exists!
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.
Vulnerability category: Execute code
Products affected by CVE-2022-26318
- cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*
- cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*
- cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*
- cpe:2.3:o:watchguard:fireware:12.1.3:u1:*:*:*:*:*:*
- cpe:2.3:o:watchguard:fireware:12.1.3:u2:*:*:*:*:*:*
- cpe:2.3:o:watchguard:fireware:12.1.3:u3:*:*:*:*:*:*
- cpe:2.3:o:watchguard:fireware:12.1.3:u4:*:*:*:*:*:*
- cpe:2.3:o:watchguard:fireware:12.1.3:u5:*:*:*:*:*:*
- cpe:2.3:o:watchguard:fireware:12.1.3:u6:*:*:*:*:*:*
- cpe:2.3:o:watchguard:fireware:12.1.3:u7:*:*:*:*:*:*
- cpe:2.3:o:watchguard:fireware:12.5.9:u1:*:*:*:*:*:*
- cpe:2.3:o:watchguard:fireware:12.7.2:u1:*:*:*:*:*:*
- cpe:2.3:o:watchguard:fireware:12.1.3:*:*:*:*:*:*:*
CVE-2022-26318 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
WatchGuard Firebox and XTM Appliances Arbitrary Code Execution
CISA required action:
Apply updates per vendor instructions.
CISA description:
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code.
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2022-26318
Added on
2022-03-25
Action due date
2022-04-15
Exploit prediction scoring system (EPSS) score for CVE-2022-26318
83.03%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2022-26318
-
WatchGuard XTM Firebox Unauthenticated Remote Command Execution
Disclosure Date: 2022-08-29First seen: 2024-04-18exploit/linux/http/watchguard_firebox_unauth_rce_cve_2022_26318This module exploits a buffer overflow at the administration interface (8080 or 4117) of WatchGuard Firebox and XTM appliances which is built from a cherrypy python backend sending XML-RPC requests to a C binary called wgagent using pre-authentication endpoint /agent/l
CVSS scores for CVE-2022-26318
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
References for CVE-2022-26318
-
https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_7_2/index.html#Fireware/en-US/resolved_issues.html
Fireware Release NotesRelease Notes;Vendor Advisory
Jump to