CVE-2020-10532

Name of the Vulnerable Software and Affected Versions WatchGuard Fireware versions prior to 5.8.5.10317

Description The issue allows remote attackers to discover cleartext passwords. This is achieved via the "/domains/list" URI, which is an API endpoint. The estimated number of potentially affected devices worldwide is not specified. Details about real-world incidents where this issue was exploited are not provided.

Recommendations For versions prior to 5.8.5.10317, update to version 5.8.5.10317 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/domains/list" API endpoint until a patch is available.