CVE-2017-8056

Name of the Vulnerable Software and Affected Versions WatchGuard Fireware versions prior to v11.12.2

Description The issue is related to the mishandling of XML External Entity (XXE) requests in the XML-RPC agent, which can cause the Firebox wgagent process to crash. This results in the termination of all authenticated sessions, including management connections, and prevents new authenticated sessions until the process recovers. The Firebox may also experience performance degradation during the recovery of the wgagent process. An attacker can exploit this to perform a limited Denial of Service (DoS) attack by continuously sending XML-RPC requests with external entity references.

Recommendations For WatchGuard Fireware versions prior to v11.12.2, update to version v11.12.2 or later to resolve the issue.