PT-2022-17188 · Watchguard · Watchguard Xtm+1

Published

2022-02-24

Updated

2022-03-04

CVE-2022-25291

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions WatchGuard Firebox and XTM appliances versions prior to 12.7.2 U2 WatchGuard Firebox and XTM appliances versions 12.x prior to 12.1.3 U8 WatchGuard Firebox and XTM appliances versions 12.2.x through 12.5.x prior to 12.5.9 U2

Description An integer overflow allows an authenticated remote attacker to trigger a heap-based buffer overflow and potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image.

Recommendations For versions prior to 12.7.2 U2, update to version 12.7.2 U2 or later. For versions 12.x prior to 12.1.3 U8, update to version 12.1.3 U8 or later. For versions 12.2.x through 12.5.x prior to 12.5.9 U2, update to version 12.5.9 U2 or later.

Fix

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

CVE-2022-25291

Affected Products

Watchguard Firebox

Watchguard Xtm

PT-2022-17188 · Watchguard · Watchguard Xtm+1

CVE-2022-25291

Weakness Enumeration

Related Identifiers

Affected Products

References · 3