Vulnerability Details : CVE-2022-31789
An integer overflow in WatchGuard Firebox and XTM appliances allows an unauthenticated remote attacker to trigger a buffer overflow and potentially execute arbitrary code by sending a malicious request to exposed management ports. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4.
Vulnerability category: OverflowExecute code
Products affected by CVE-2022-31789
- cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*
- cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*
- cpe:2.3:o:watchguard:fireware:12.8.0:u1:*:*:*:*:*:*
- cpe:2.3:o:watchguard:fireware:12.7.2:u2:*:*:*:*:*:*
- cpe:2.3:o:watchguard:fireware:12.7.1:*:*:*:*:*:*:*
- cpe:2.3:o:watchguard:fireware:12.7.0:u1:*:*:*:*:*:*
- cpe:2.3:o:watchguard:fireware:12.6.3:*:*:*:*:*:*:*
- cpe:2.3:o:watchguard:fireware:12.6.4:*:*:*:*:*:*:*
- cpe:2.3:o:watchguard:fireware:12.6.1:u3:*:*:*:*:*:*
- cpe:2.3:o:watchguard:fireware:12.6.1:u1:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-31789
0.41%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 74 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-31789
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2022-31789
-
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-31789
-
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2022-00015
Firebox Unauthenticated Buffer Overflow Vulnerability | WatchGuard TechnologiesVendor Advisory
Jump to