Metasploit modules that can be used to exploit Watchguard products

Order by Disclosure Date Module Name Module Type
  • WatchGuard XTM Firebox Unauthenticated Remote Command Execution
    Disclosure Date: 2022-08-29
    First seen: 2024-04-18
    exploit/linux/http/watchguard_firebox_unauth_rce_cve_2022_26318
    This module exploits a buffer overflow at the administration interface (8080 or 4117) of WatchGuard Firebox and XTM appliances which is built from a cherrypy python backend sending XML-RPC requests to a C binary called wgagent using pre-authentication endpoint /agent/login. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. Successful exploitation results in remote code execution as user nobody. Authors: - h00die-gr3y <h00die.gr3y@gmail.com> - Charles Fol (Ambionics Security) - Dylan Pindur (AssetNote) - Misterxid
  • Watchguard XCS Remote Command Execution
    Disclosure Date: 2015-06-29
    First seen: 2020-04-26
    exploit/freebsd/http/watchguard_cmd_exec
    This module exploits two separate vulnerabilities found in the Watchguard XCS virtual appliance to gain command execution. By exploiting an unauthenticated SQL injection, a remote attacker may insert a valid web user into the appliance database, and get access to the web interface. On the other hand, a vulnerability in the web interface allows the attacker to inject operating system commands as the 'nobody' user. Authors: - Daniel Jensen <daniel.jensen@security-assessment.com>
2 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers. Visit metasploit web site for more details
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close