PT-2022-17239 · Watchguard · Watchguard Xtm+1

Published

2022-02-24

Updated

2022-03-04

CVE-2022-25360

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions WatchGuard Firebox and XTM appliances versions prior to 12.1.3 U8 WatchGuard Firebox and XTM appliances versions 12.2.x through 12.5.x before 12.5.9 U2 WatchGuard Firebox and XTM appliances versions prior to 12.7.2 U2

Description The issue allows an authenticated remote attacker with unprivileged credentials to upload files to arbitrary locations.

Recommendations For versions prior to 12.1.3 U8, update to version 12.1.3 U8 or later. For versions 12.2.x through 12.5.x before 12.5.9 U2, update to version 12.5.9 U2 or later. For versions prior to 12.7.2 U2, update to version 12.7.2 U2 or later.

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2022-25360

Affected Products

Watchguard Firebox

Watchguard Xtm

PT-2022-17239 · Watchguard · Watchguard Xtm+1

CVE-2022-25360

Weakness Enumeration

Related Identifiers

Affected Products

References · 4