CVE-2015-5453

Name of the Vulnerable Software and Affected Versions Watchguard XCS versions 9.2 through 10.0 before build 150522

Description The issue allows remote authenticated users to execute arbitrary commands. This is achieved by using shell metacharacters in the id parameter to the "ADMIN/mailqueue.spl" endpoint.

Recommendations For versions 9.2 through 10.0 before build 150522, update to a version after build 150522 to resolve the issue. As a temporary workaround, consider restricting access to the "ADMIN/mailqueue.spl" endpoint to minimize the risk of exploitation. Avoid using the id parameter in the affected endpoint until the issue is resolved.