PT-2017-13582 · Watchguard · Watchguard Fireware

Published: 2017-09-20 · Updated: 2017-10-04 · CVE-2017-14616

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

WatchGuard Fireware versions prior to 12.0

Description

An issue was discovered in the XML-RPC interface where a login attempt with an XML message containing an empty member element causes the wgagent to crash. This results in any user with an open session in the UI being logged out. Continuous execution of failed login attempts can render UI management of the device impossible.

Recommendations

For versions prior to 12.0, update to version 12.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the XML-RPC interface to minimize the risk of exploitation. Avoid using empty member elements in XML messages to the XML-RPC interface until the issue is resolved.

Exploit

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2017-14616

Affected Products

Watchguard Fireware