https://www.watchguard.com/ en https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2023-00008 <span class="field field--name-title field--type-string field--label-hidden">Heap Buffer Overflow in libwebp WebP Codec</span> <div class="field field--name-field-adv-id field--type-string field--label-inline"> <div class="field__label">Advisory ID</div> <div class="field__item odd field__item--1">WGSA-2023-00008</div> </div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span>WatchGuard</span></span> <span class="field field--name-created field--type-created field--label-hidden"><time datetime="2023-11-01T10:40:18-07:00" title="Wednesday, November 1, 2023 - 10:40" class="datetime">Wed, 11/01/2023 - 10:40</time> </span> <div class="field field--name-field-adv-cve field--type-string-long field--label-inline"> <div class="field__label">CVE</div> <div class="field__item odd field__item--1">CVE-2023-4863</div> </div> <div class="field field--name-field-adv-impact field--type-list-integer field--label-inline"> <div class="field__label">Impact</div> <div class="field__item odd field__item--1">Critical</div> </div> <div class="field field--name-field-adv-status field--type-list-string field--label-inline"> <div class="field__label">Status</div> <div class="field__item odd field__item--1">Not Applicable</div> </div> <div class="field field--name-field-adv-product-family field--type-entity-reference field--label-inline"> <div class="field__label">Product Family</div> <div class='field__items d-inline'> <span class="field__item">Firebox,</span> <span class="field__item">Endpoint,</span> <span class="field__item">WatchGuard Cloud,</span> <span class="field__item">Dimension,</span> <span class="field__item">Other Software,</span> <span class="field__item">Secure Wi-Fi</span> </div> </div> <div class="field field--name-field-adv-published-date field--type-datetime field--label-inline"> <div class="field__label">Published Date</div> <div class="field__item odd field__item--1"><time datetime="2023-11-01T17:33:22Z" class="datetime">2023-11-01</time> </div> </div> <div class="field field--name-field-adv-updated-date field--type-datetime field--label-inline"> <div class="field__label">Updated Date</div> <div class="field__item odd field__item--1"><time datetime="2023-11-01T17:33:03Z" class="datetime">2023-11-01</time> </div> </div> <div class="field field--name-field-adv-workaround-available field--type-boolean field--label-inline"> <div class="field__label">Workaround Available</div> <div class="field__item odd field__item--1">False</div> </div> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-inline"> <div class="field__label">Summary</div> <div class="field__item odd field__item--1"><p>On September 11th 2023, Google published an advisory describing a vulnerability in Google Chrome that could allow a remote attacker to potentially execute arbitrary code using a carefully crafted WebP image file. On September 25th, the vulnerability scope was expanded to include the libwebp library used by many applications beyond Google Chrome.</p></div> </div> <div class="clearfix text-formatted field field--name-field-adv-affected field--type-text-long field--label-inline"> <div class="field__label">Affected</div> <div class="field__item odd field__item--1"><p>No WatchGuard products use the affected version of the libwebp library</p></div> </div> <div class="clearfix text-formatted field field--name-field-adv-resolution field--type-text-long field--label-inline"> <div class="field__label">Resolution</div> <div class="field__item odd field__item--1"><p>No resolution necessary</p></div> </div> <div class="field field--name-field-adv-references field--type-link field--label-inline"> <div class="field__label">References</div> <div class='field__items'> <div class="field__item odd field__item--1"><a href="https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html">https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop…</a></div> </div> </div> <div class="field field--name-field-adv-products field--type-entity-reference field--label-above mt-3"> <div class="field__label mb-1">Advisory Product List</div> <div class="striped-table zebra mt-2"> <div class="row head align-items-end"> <div class="d-inline column column--family">Product Family</div> <div class="d-inline column column--branch">Product Branch</div> <div class="d-inline column column--list column--initial">Product List</div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Firebox T (2nd Gen)</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">T15,</span> <span class="field__item">T15-W,</span> <span class="field__item">T35,</span> <span class="field__item">T35-W,</span> <span class="field__item">T35-R,</span> <span class="field__item">T55,</span> <span class="field__item">T55-W,</span> <span class="field__item">T70</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">XTM 8 Series (2nd Gen)</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">XTM850,</span> <span class="field__item">XTM860,</span> <span class="field__item">XTM870,</span> <span class="field__item">XTM870-F</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">XTM 1500 and 2520</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">XTM1520-RP,</span> <span class="field__item">XTM1525-RP,</span> <span class="field__item">XTM2520</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Firebox T (3rd Gen)</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">T20,</span> <span class="field__item">T20-W,</span> <span class="field__item">T40,</span> <span class="field__item">T40-W,</span> <span class="field__item">T80</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Firebox T (1st Gen)</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">T10,</span> <span class="field__item">T10-W,</span> <span class="field__item">T10-D,</span> <span class="field__item">T30,</span> <span class="field__item">T30-W,</span> <span class="field__item">T50,</span> <span class="field__item">T50-W</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Firebox M (2nd Gen)</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">M270,</span> <span class="field__item">M370,</span> <span class="field__item">M470,</span> <span class="field__item">M570,</span> <span class="field__item">M670</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Firebox M (1st Gen)</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">M200,</span> <span class="field__item">M300,</span> <span class="field__item">M400,</span> <span class="field__item">M440,</span> <span class="field__item">M500</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Firebox M (3rd Gen)</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">M290,</span> <span class="field__item">M390,</span> <span class="field__item">M590,</span> <span class="field__item">M690,</span> <span class="field__item">M4800,</span> <span class="field__item">M5800</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">XTMv</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Small,</span> <span class="field__item">Medium,</span> <span class="field__item">Large,</span> <span class="field__item">Datacenter</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">FireboxV</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Small,</span> <span class="field__item">Medium,</span> <span class="field__item">Large,</span> <span class="field__item">XLarge</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">FireboxCloud</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Small,</span> <span class="field__item">Medium,</span> <span class="field__item">Large,</span> <span class="field__item">XLarge</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Firebox T (4th Gen)</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">NV5,</span> <span class="field__item">T25,</span> <span class="field__item">T45,</span> <span class="field__item">T85</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Endpoint</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Panda Dome</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Essential,</span> <span class="field__item">Advanced,</span> <span class="field__item">Complete,</span> <span class="field__item">Premium</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Endpoint</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Panda AD360</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">AD360</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Endpoint</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">WatchGuard EPDR</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">EPP,</span> <span class="field__item">EDR,</span> <span class="field__item">EPDR</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">WatchGuard Cloud</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">WatchGuard Cloud</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">WatchGuard Cloud</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Dimension</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Dimension</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Dimension</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Other Software</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">WatchGuard System Manager (WSM)</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">WSM</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Other Software</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Authentication Gateway</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Authentication Gateway</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Secure Wi-Fi</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Wi-Fi 6</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">AP130,</span> <span class="field__item">AP330,</span> <span class="field__item">AP430CR,</span> <span class="field__item">AP432</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Secure Wi-Fi</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Wi-Fi 4 &amp; 5</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">AP322,</span> <span class="field__item">AP420,</span> <span class="field__item">AP125,</span> <span class="field__item">AP225W,</span> <span class="field__item">AP325,</span> <span class="field__item">AP327X</span> </div> </div> </div> </div> </div> </div> Wed, 01 Nov 2023 17:40:18 +0000 WatchGuard 88111 at https://www.watchguard.com https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2023-00004 <span class="field field--name-title field--type-string field--label-hidden">WatchGuard EPDR and AD360 Local Privilege Escalation</span> <div class="field field--name-field-adv-id field--type-string field--label-inline"> <div class="field__label">Advisory ID</div> <div class="field__item odd field__item--1">WGSA-2023-00004</div> </div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span>WatchGuard</span></span> <span class="field field--name-created field--type-created field--label-hidden"><time datetime="2023-09-28T00:30:47-07:00" title="Thursday, September 28, 2023 - 00:30" class="datetime">Thu, 09/28/2023 - 00:30</time> </span> <div class="field field--name-field-adv-cve field--type-string-long field--label-inline"> <div class="field__label">CVE</div> <div class="field__item odd field__item--1">CVE-2023-26236</div> </div> <div class="field field--name-field-adv-impact field--type-list-integer field--label-inline"> <div class="field__label">Impact</div> <div class="field__item odd field__item--1">High</div> </div> <div class="field field--name-field-adv-status field--type-list-string field--label-inline"> <div class="field__label">Status</div> <div class="field__item odd field__item--1">Resolved</div> </div> <div class="field field--name-field-adv-product-family field--type-entity-reference field--label-inline"> <div class="field__label">Product Family</div> <div class='field__items d-inline'> <span class="field__item">Endpoint</span> </div> </div> <div class="field field--name-field-adv-published-date field--type-datetime field--label-inline"> <div class="field__label">Published Date</div> <div class="field__item odd field__item--1"><time datetime="2023-09-28T07:26:54Z" class="datetime">2023-09-28</time> </div> </div> <div class="field field--name-field-adv-updated-date field--type-datetime field--label-inline"> <div class="field__label">Updated Date</div> <div class="field__item odd field__item--1"><time datetime="2023-09-28T08:27:29Z" class="datetime">2023-09-28</time> </div> </div> <div class="field field--name-field-adv-workaround-available field--type-boolean field--label-inline"> <div class="field__label">Workaround Available</div> <div class="field__item odd field__item--1">False</div> </div> <div class="field field--name-field-adv-cvss-score field--type-decimal field--label-inline"> <div class="field__label">CVSS Score</div> <div class="field__item odd field__item--1">7.8</div> </div> <div class="field field--name-field-adv-cvss-vector field--type-string field--label-inline"> <div class="field__label">CVSS Vector</div> <div class="field__item odd field__item--1">AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</div> </div> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-inline"> <div class="field__label">Summary</div> <div class="field__item odd field__item--1"><p>WatchGuard EPDR and Panda AD360 versions up to, and including, 8.00.22.0009 allows an adversary with local access to achieve privilege escalation by providing crafted parameters to a protection agent component.</p></div> </div> <div class="clearfix text-formatted field field--name-field-adv-affected field--type-text-long field--label-inline"> <div class="field__label">Affected</div> <div class="field__item odd field__item--1"><p>WatchGuard EPDR and Panda AD360 versions before 8.00.22.0010</p></div> </div> <div class="clearfix text-formatted field field--name-field-adv-resolution field--type-text-long field--label-inline"> <div class="field__label">Resolution</div> <div class="field__item odd field__item--1"><p>WatchGuard EPDR and Panda AD360 version 8.00.22.0010</p></div> </div> <div class="field field--name-field-adv-credits field--type-string field--label-inline"> <div class="field__label">Credits</div> <div class='field__items d-inline'> <span class="field__item">Marcos Díaz Castiñeiras (https://www.linkedin.com/in/mdiazcast/) and Antón Ortigueira Vázquez (https://www.linkedin.com/in/antonortigueira/) from BlackArrow (Tarlogic).</span> </div> </div> <div class="field field--name-field-adv-products field--type-entity-reference field--label-above mt-3"> <div class="field__label mb-1">Advisory Product List</div> <div class="striped-table zebra mt-2"> <div class="row head align-items-end"> <div class="d-inline column column--family">Product Family</div> <div class="d-inline column column--branch">Product Branch</div> <div class="d-inline column column--list column--initial">Product List</div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Endpoint</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Panda AD360</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">AD360</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Endpoint</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">WatchGuard EPDR</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">EPP,</span> <span class="field__item">EDR,</span> <span class="field__item">EPDR</span> </div> </div> </div> </div> </div> </div> Thu, 28 Sep 2023 07:30:47 +0000 WatchGuard 86886 at https://www.watchguard.com https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2023-00005 <span class="field field--name-title field--type-string field--label-hidden">WatchGuard EPDR and AD360 Advanced Protection Bypass Vulnerability via Registry Key</span> <div class="field field--name-field-adv-id field--type-string field--label-inline"> <div class="field__label">Advisory ID</div> <div class="field__item odd field__item--1">WGSA-2023-00005</div> </div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span>WatchGuard</span></span> <span class="field field--name-created field--type-created field--label-hidden"><time datetime="2023-09-28T00:30:47-07:00" title="Thursday, September 28, 2023 - 00:30" class="datetime">Thu, 09/28/2023 - 00:30</time> </span> <div class="field field--name-field-adv-cve field--type-string-long field--label-inline"> <div class="field__label">CVE</div> <div class="field__item odd field__item--1">CVE-2023-26237</div> </div> <div class="field field--name-field-adv-impact field--type-list-integer field--label-inline"> <div class="field__label">Impact</div> <div class="field__item odd field__item--1">Medium</div> </div> <div class="field field--name-field-adv-status field--type-list-string field--label-inline"> <div class="field__label">Status</div> <div class="field__item odd field__item--1">Resolved</div> </div> <div class="field field--name-field-adv-product-family field--type-entity-reference field--label-inline"> <div class="field__label">Product Family</div> <div class='field__items d-inline'> <span class="field__item">Endpoint</span> </div> </div> <div class="field field--name-field-adv-published-date field--type-datetime field--label-inline"> <div class="field__label">Published Date</div> <div class="field__item odd field__item--1"><time datetime="2023-09-28T07:27:19Z" class="datetime">2023-09-28</time> </div> </div> <div class="field field--name-field-adv-updated-date field--type-datetime field--label-inline"> <div class="field__label">Updated Date</div> <div class="field__item odd field__item--1"><time datetime="2023-09-28T08:27:29Z" class="datetime">2023-09-28</time> </div> </div> <div class="field field--name-field-adv-workaround-available field--type-boolean field--label-inline"> <div class="field__label">Workaround Available</div> <div class="field__item odd field__item--1">True</div> </div> <div class="field field--name-field-adv-cvss-score field--type-decimal field--label-inline"> <div class="field__label">CVSS Score</div> <div class="field__item odd field__item--1">6.7</div> </div> <div class="field field--name-field-adv-cvss-vector field--type-string field--label-inline"> <div class="field__label">CVSS Vector</div> <div class="field__item odd field__item--1">AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H</div> </div> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-inline"> <div class="field__label">Summary</div> <div class="field__item odd field__item--1"><p>WatchGuard EPDR and Panda AD360 versions up to, and including, 8.00.22.0009 allows an adversary with local access and system privileges to bypass the Advanced Protection feature by setting a Windows registry key. A successful exploit of this vulnerability could allow an attacker to execute a binary that has not completed classification.</p></div> </div> <div class="clearfix text-formatted field field--name-field-adv-affected field--type-text-long field--label-inline"> <div class="field__label">Affected</div> <div class="field__item odd field__item--1"><p>WatchGuard EPDR and Panda AD360 versions before 8.00.22.0010</p></div> </div> <div class="clearfix text-formatted field field--name-field-adv-resolution field--type-text-long field--label-inline"> <div class="field__label">Resolution</div> <div class="field__item odd field__item--1"><p>WatchGuard EPDR and Panda AD360 version 8.00.22.0010</p></div> </div> <div class="field field--name-field-adv-credits field--type-string field--label-inline"> <div class="field__label">Credits</div> <div class='field__items d-inline'> <span class="field__item">Marcos Díaz Castiñeiras (https://www.linkedin.com/in/mdiazcast/) and Antón Ortigueira Vázquez (https://www.linkedin.com/in/antonortigueira/) from BlackArrow (Tarlogic).</span> </div> </div> <div class="field field--name-field-adv-products field--type-entity-reference field--label-above mt-3"> <div class="field__label mb-1">Advisory Product List</div> <div class="striped-table zebra mt-2"> <div class="row head align-items-end"> <div class="d-inline column column--family">Product Family</div> <div class="d-inline column column--branch">Product Branch</div> <div class="d-inline column column--list column--initial">Product List</div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Endpoint</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Panda AD360</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">AD360</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Endpoint</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">WatchGuard EPDR</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">EPP,</span> <span class="field__item">EDR,</span> <span class="field__item">EPDR</span> </div> </div> </div> </div> </div> </div> Thu, 28 Sep 2023 07:30:47 +0000 WatchGuard 86891 at https://www.watchguard.com https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2023-00006 <span class="field field--name-title field--type-string field--label-hidden">WatchGuard EPDR and AD360 Anti-Tamper Protection Bypass Vulnerability</span> <div class="field field--name-field-adv-id field--type-string field--label-inline"> <div class="field__label">Advisory ID</div> <div class="field__item odd field__item--1">WGSA-2023-00006</div> </div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span>WatchGuard</span></span> <span class="field field--name-created field--type-created field--label-hidden"><time datetime="2023-09-28T00:30:47-07:00" title="Thursday, September 28, 2023 - 00:30" class="datetime">Thu, 09/28/2023 - 00:30</time> </span> <div class="field field--name-field-adv-cve field--type-string-long field--label-inline"> <div class="field__label">CVE</div> <div class="field__item odd field__item--1">CVE-2023-26238</div> </div> <div class="field field--name-field-adv-impact field--type-list-integer field--label-inline"> <div class="field__label">Impact</div> <div class="field__item odd field__item--1">High</div> </div> <div class="field field--name-field-adv-status field--type-list-string field--label-inline"> <div class="field__label">Status</div> <div class="field__item odd field__item--1">Resolved</div> </div> <div class="field field--name-field-adv-product-family field--type-entity-reference field--label-inline"> <div class="field__label">Product Family</div> <div class='field__items d-inline'> <span class="field__item">Endpoint</span> </div> </div> <div class="field field--name-field-adv-published-date field--type-datetime field--label-inline"> <div class="field__label">Published Date</div> <div class="field__item odd field__item--1"><time datetime="2023-09-28T07:27:25Z" class="datetime">2023-09-28</time> </div> </div> <div class="field field--name-field-adv-updated-date field--type-datetime field--label-inline"> <div class="field__label">Updated Date</div> <div class="field__item odd field__item--1"><time datetime="2023-09-28T08:27:29Z" class="datetime">2023-09-28</time> </div> </div> <div class="field field--name-field-adv-workaround-available field--type-boolean field--label-inline"> <div class="field__label">Workaround Available</div> <div class="field__item odd field__item--1">False</div> </div> <div class="field field--name-field-adv-cvss-score field--type-decimal field--label-inline"> <div class="field__label">CVSS Score</div> <div class="field__item odd field__item--1">7.7</div> </div> <div class="field field--name-field-adv-cvss-vector field--type-string field--label-inline"> <div class="field__label">CVSS Vector</div> <div class="field__item odd field__item--1">AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H</div> </div> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-inline"> <div class="field__label">Summary</div> <div class="field__item odd field__item--1"><p>WatchGuard EPDR and Panda AD360 versions up to, and including, 8.00.22.0009 allows an adversary with local access to bypass anti-tamper protection by sending crafted commands to the protection agent via IPC.</p></div> </div> <div class="clearfix text-formatted field field--name-field-adv-affected field--type-text-long field--label-inline"> <div class="field__label">Affected</div> <div class="field__item odd field__item--1"><p>WatchGuard EPDR and Panda AD360 versions before 8.00.22.0010</p></div> </div> <div class="clearfix text-formatted field field--name-field-adv-resolution field--type-text-long field--label-inline"> <div class="field__label">Resolution</div> <div class="field__item odd field__item--1"><p>WatchGuard EPDR and Panda AD360 version 8.00.22.0010</p></div> </div> <div class="field field--name-field-adv-credits field--type-string field--label-inline"> <div class="field__label">Credits</div> <div class='field__items d-inline'> <span class="field__item">Marcos Díaz Castiñeiras (https://www.linkedin.com/in/mdiazcast/) and Antón Ortigueira Vázquez (https://www.linkedin.com/in/antonortigueira/) from BlackArrow (Tarlogic).</span> </div> </div> <div class="field field--name-field-adv-products field--type-entity-reference field--label-above mt-3"> <div class="field__label mb-1">Advisory Product List</div> <div class="striped-table zebra mt-2"> <div class="row head align-items-end"> <div class="d-inline column column--family">Product Family</div> <div class="d-inline column column--branch">Product Branch</div> <div class="d-inline column column--list column--initial">Product List</div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Endpoint</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Panda AD360</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">AD360</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Endpoint</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">WatchGuard EPDR</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">EPP,</span> <span class="field__item">EDR,</span> <span class="field__item">EPDR</span> </div> </div> </div> </div> </div> </div> Thu, 28 Sep 2023 07:30:47 +0000 WatchGuard 86896 at https://www.watchguard.com https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2023-00007 <span class="field field--name-title field--type-string field--label-hidden">WatchGuard EPDR and AD360 Local Protection Management Password Exposure Vulnerability</span> <div class="field field--name-field-adv-id field--type-string field--label-inline"> <div class="field__label">Advisory ID</div> <div class="field__item odd field__item--1">WGSA-2023-00007</div> </div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span>WatchGuard</span></span> <span class="field field--name-created field--type-created field--label-hidden"><time datetime="2023-09-28T00:30:47-07:00" title="Thursday, September 28, 2023 - 00:30" class="datetime">Thu, 09/28/2023 - 00:30</time> </span> <div class="field field--name-field-adv-cve field--type-string-long field--label-inline"> <div class="field__label">CVE</div> <div class="field__item odd field__item--1">CVE-2023-26239</div> </div> <div class="field field--name-field-adv-impact field--type-list-integer field--label-inline"> <div class="field__label">Impact</div> <div class="field__item odd field__item--1">Medium</div> </div> <div class="field field--name-field-adv-status field--type-list-string field--label-inline"> <div class="field__label">Status</div> <div class="field__item odd field__item--1">Resolved</div> </div> <div class="field field--name-field-adv-product-family field--type-entity-reference field--label-inline"> <div class="field__label">Product Family</div> <div class='field__items d-inline'> <span class="field__item">Endpoint</span> </div> </div> <div class="field field--name-field-adv-published-date field--type-datetime field--label-inline"> <div class="field__label">Published Date</div> <div class="field__item odd field__item--1"><time datetime="2023-09-28T07:27:29Z" class="datetime">2023-09-28</time> </div> </div> <div class="field field--name-field-adv-updated-date field--type-datetime field--label-inline"> <div class="field__label">Updated Date</div> <div class="field__item odd field__item--1"><time datetime="2023-09-28T08:27:29Z" class="datetime">2023-09-28</time> </div> </div> <div class="field field--name-field-adv-workaround-available field--type-boolean field--label-inline"> <div class="field__label">Workaround Available</div> <div class="field__item odd field__item--1">False</div> </div> <div class="field field--name-field-adv-cvss-score field--type-decimal field--label-inline"> <div class="field__label">CVSS Score</div> <div class="field__item odd field__item--1">5.5</div> </div> <div class="field field--name-field-adv-cvss-vector field--type-string field--label-inline"> <div class="field__label">CVSS Vector</div> <div class="field__item odd field__item--1">AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N</div> </div> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-inline"> <div class="field__label">Summary</div> <div class="field__item odd field__item--1"><p>WatchGuard EPDR and Panda AD360 versions up to, and including, 8.00.22.0009 allows an adversary with local access to recover the local protection management password by monitoring inter-process communications.</p></div> </div> <div class="clearfix text-formatted field field--name-field-adv-affected field--type-text-long field--label-inline"> <div class="field__label">Affected</div> <div class="field__item odd field__item--1"><p>WatchGuard EPDR and Panda AD360 versions before 8.00.22.0010</p></div> </div> <div class="clearfix text-formatted field field--name-field-adv-resolution field--type-text-long field--label-inline"> <div class="field__label">Resolution</div> <div class="field__item odd field__item--1"><p>WatchGuard EPDR and Panda AD360 version 8.00.22.0010</p></div> </div> <div class="field field--name-field-adv-credits field--type-string field--label-inline"> <div class="field__label">Credits</div> <div class='field__items d-inline'> <span class="field__item">Marcos Díaz Castiñeiras (https://www.linkedin.com/in/mdiazcast/) and Antón Ortigueira Vázquez (https://www.linkedin.com/in/antonortigueira/) from BlackArrow (Tarlogic).</span> </div> </div> <div class="field field--name-field-adv-products field--type-entity-reference field--label-above mt-3"> <div class="field__label mb-1">Advisory Product List</div> <div class="striped-table zebra mt-2"> <div class="row head align-items-end"> <div class="d-inline column column--family">Product Family</div> <div class="d-inline column column--branch">Product Branch</div> <div class="d-inline column column--list column--initial">Product List</div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Endpoint</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Panda AD360</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">AD360</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Endpoint</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">WatchGuard EPDR</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">EPP,</span> <span class="field__item">EDR,</span> <span class="field__item">EPDR</span> </div> </div> </div> </div> </div> </div> Thu, 28 Sep 2023 07:30:47 +0000 WatchGuard 86881 at https://www.watchguard.com https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2023-00002 <span class="field field--name-title field--type-string field--label-hidden">Firebox Authenticated Arbitrary File Read Vulnerability</span> <div class="field field--name-field-adv-id field--type-string field--label-inline"> <div class="field__label">Advisory ID</div> <div class="field__item odd field__item--1">WGSA-2023-00002</div> </div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span>WatchGuard</span></span> <span class="field field--name-created field--type-created field--label-hidden"><time datetime="2023-05-04T17:10:08-07:00" title="Thursday, May 4, 2023 - 17:10" class="datetime">Thu, 05/04/2023 - 17:10</time> </span> <div class="field field--name-field-adv-cve field--type-string-long field--label-inline"> <div class="field__label">CVE</div> <div class="field__item odd field__item--1">CVE-2023-2357</div> </div> <div class="field field--name-field-adv-impact field--type-list-integer field--label-inline"> <div class="field__label">Impact</div> <div class="field__item odd field__item--1">Medium</div> </div> <div class="field field--name-field-adv-status field--type-list-string field--label-inline"> <div class="field__label">Status</div> <div class="field__item odd field__item--1">Resolved</div> </div> <div class="field field--name-field-adv-product-family field--type-entity-reference field--label-inline"> <div class="field__label">Product Family</div> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> <div class="field field--name-field-adv-published-date field--type-datetime field--label-inline"> <div class="field__label">Published Date</div> <div class="field__item odd field__item--1"><time datetime="2023-05-05T00:06:32Z" class="datetime">2023-05-05</time> </div> </div> <div class="field field--name-field-adv-updated-date field--type-datetime field--label-inline"> <div class="field__label">Updated Date</div> <div class="field__item odd field__item--1"><time datetime="2023-05-04T06:57:17Z" class="datetime">2023-05-04</time> </div> </div> <div class="field field--name-field-adv-workaround-available field--type-boolean field--label-inline"> <div class="field__label">Workaround Available</div> <div class="field__item odd field__item--1">True</div> </div> <div class="field field--name-field-adv-cvss-score field--type-decimal field--label-inline"> <div class="field__label">CVSS Score</div> <div class="field__item odd field__item--1">4.9</div> </div> <div class="field field--name-field-adv-cvss-vector field--type-string field--label-inline"> <div class="field__label">CVSS Vector</div> <div class="field__item odd field__item--1">AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N </div> </div> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-inline"> <div class="field__label">Summary</div> <div class="field__item odd field__item--1"><p>WatchGuard Firebox and XTM appliances allow an authenticated remote attacker to read arbitrary text files from the filesystem via the Fireware management command line interface.</p></div> </div> <div class="clearfix text-formatted field field--name-field-adv-affected field--type-text-long field--label-inline"> <div class="field__label">Affected</div> <div class="field__item odd field__item--1"><p>Fireware OS before 12.9.3</p></div> </div> <div class="clearfix text-formatted field field--name-field-adv-resolution field--type-text-long field--label-inline"> <div class="field__label">Resolution</div> <div class="field__item odd field__item--1"><p>Fireware OS 12.9.3</p></div> </div> <div class="clearfix text-formatted field field--name-field-adv-workaround field--type-text-long field--label-inline"> <div class="field__label">Workaround</div> <div class="field__item odd field__item--1"><p>In order to successfully exploit this vulnerability, an attacker must successfully authenticate using a management account (read-only or read-write) to the Fireware command line interface. Firebox administrators should follow the best practices <a href="https://techsearch.watchguard.com/KB?type=Article&amp;SFDCID=kA10H000000XeAtSAK&amp;lang=en_US">described here</a> to securely enable remote Firebox management where needed.</p></div> </div> <div class="field field--name-field-adv-credits field--type-string field--label-inline"> <div class="field__label">Credits</div> <div class='field__items d-inline'> <span class="field__item">Reported by independent security researcher Ren9IE</span> </div> </div> <div class="field field--name-field-adv-products field--type-entity-reference field--label-above mt-3"> <div class="field__label mb-1">Advisory Product List</div> <div class="striped-table zebra mt-2"> <div class="row head align-items-end"> <div class="d-inline column column--family">Product Family</div> <div class="d-inline column column--branch">Product Branch</div> <div class="d-inline column column--list column--initial">Product List</div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">XTM 8 Series (2nd Gen)</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">XTM850,</span> <span class="field__item">XTM860,</span> <span class="field__item">XTM870,</span> <span class="field__item">XTM870-F</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">XTM 1500 and 2520</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">XTM1520-RP,</span> <span class="field__item">XTM1525-RP,</span> <span class="field__item">XTM2520</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Firebox T (1st Gen)</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">T10,</span> <span class="field__item">T10-W,</span> <span class="field__item">T10-D,</span> <span class="field__item">T30,</span> <span class="field__item">T30-W,</span> <span class="field__item">T50,</span> <span class="field__item">T50-W</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Firebox T (2nd Gen)</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">T15,</span> <span class="field__item">T15-W,</span> <span class="field__item">T35,</span> <span class="field__item">T35-W,</span> <span class="field__item">T35-R,</span> <span class="field__item">T55,</span> <span class="field__item">T55-W,</span> <span class="field__item">T70</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Firebox T (3rd Gen)</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">T20,</span> <span class="field__item">T20-W,</span> <span class="field__item">T40,</span> <span class="field__item">T40-W,</span> <span class="field__item">T80</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Firebox M (1st Gen)</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">M200,</span> <span class="field__item">M300,</span> <span class="field__item">M400,</span> <span class="field__item">M440,</span> <span class="field__item">M500</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Firebox M (2nd Gen)</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">M270,</span> <span class="field__item">M370,</span> <span class="field__item">M470,</span> <span class="field__item">M570,</span> <span class="field__item">M670</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Firebox M (3rd Gen)</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">M290,</span> <span class="field__item">M390,</span> <span class="field__item">M590,</span> <span class="field__item">M690,</span> <span class="field__item">M4800,</span> <span class="field__item">M5800</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">XTMv</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Small,</span> <span class="field__item">Medium,</span> <span class="field__item">Large,</span> <span class="field__item">Datacenter</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">FireboxV</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Small,</span> <span class="field__item">Medium,</span> <span class="field__item">Large,</span> <span class="field__item">XLarge</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Firebox T (4th Gen)</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">NV5,</span> <span class="field__item">T25,</span> <span class="field__item">T45,</span> <span class="field__item">T85</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">FireboxCloud</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Small,</span> <span class="field__item">Medium,</span> <span class="field__item">Large,</span> <span class="field__item">XLarge</span> </div> </div> </div> </div> </div> </div> Fri, 05 May 2023 00:10:08 +0000 WatchGuard 81656 at https://www.watchguard.com https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2023-00001 <span class="field field--name-title field--type-string field--label-hidden">OpenSSH Server 9.1 Double Free Vulnerability (CVE-2023-25136)</span> <div class="field field--name-field-adv-id field--type-string field--label-inline"> <div class="field__label">Advisory ID</div> <div class="field__item odd field__item--1">WGSA-2023-00001</div> </div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span>WatchGuard</span></span> <span class="field field--name-created field--type-created field--label-hidden"><time datetime="2023-03-22T12:51:03-07:00" title="Wednesday, March 22, 2023 - 12:51" class="datetime">Wed, 03/22/2023 - 12:51</time> </span> <div class="field field--name-field-adv-cve field--type-string-long field--label-inline"> <div class="field__label">CVE</div> <div class="field__item odd field__item--1">CVE-2023-25136</div> </div> <div class="field field--name-field-adv-impact field--type-list-integer field--label-inline"> <div class="field__label">Impact</div> <div class="field__item odd field__item--1">Medium</div> </div> <div class="field field--name-field-adv-status field--type-list-string field--label-inline"> <div class="field__label">Status</div> <div class="field__item odd field__item--1">Not Applicable</div> </div> <div class="field field--name-field-adv-product-family field--type-entity-reference field--label-inline"> <div class="field__label">Product Family</div> <div class='field__items d-inline'> <span class="field__item">Firebox,</span> <span class="field__item">Dimension</span> </div> </div> <div class="field field--name-field-adv-published-date field--type-datetime field--label-inline"> <div class="field__label">Published Date</div> <div class="field__item odd field__item--1"><time datetime="2023-03-22T19:47:45Z" class="datetime">2023-03-22</time> </div> </div> <div class="field field--name-field-adv-updated-date field--type-datetime field--label-inline"> <div class="field__label">Updated Date</div> <div class="field__item odd field__item--1"><time datetime="2023-03-22T19:10:03Z" class="datetime">2023-03-22</time> </div> </div> <div class="field field--name-field-adv-workaround-available field--type-boolean field--label-inline"> <div class="field__label">Workaround Available</div> <div class="field__item odd field__item--1">False</div> </div> <div class="field field--name-field-adv-cvss-score field--type-decimal field--label-inline"> <div class="field__label">CVSS Score</div> <div class="field__item odd field__item--1">6.5</div> </div> <div class="field field--name-field-adv-cvss-vector field--type-string field--label-inline"> <div class="field__label">CVSS Vector</div> <div class="field__item odd field__item--1">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H </div> </div> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-inline"> <div class="field__label">Summary</div> <div class="field__item odd field__item--1"><p>On February 3, 2023, researchers at Qualys disclosed CVE-2023-25136, a double free vulnerability in OpenSSH Server v9.1. The exploit is non-trivial but a successful exploit could allow an unauthenticated attacker to execute arbitrary code on an unprotected system.</p></div> </div> <div class="clearfix text-formatted field field--name-field-adv-affected field--type-text-long field--label-inline"> <div class="field__label">Affected</div> <div class="field__item odd field__item--1"><table><thead><tr><th>Product</th> <th>Affected Version(s)</th> <th>Note</th> </tr></thead><tbody><tr><td>Firebox</td> <td>Not Impacted</td> <td>The Firebox does not use a vulnerable version of OpenSSH. Note, some vulnerability scanners may incorrectly report the Firebox's OpenSSH server as vulnerable</td> </tr><tr><td>Dimension</td> <td>Not Impacted</td> <td>Dimension uses a patched version of OpenSSH that is not affected by this vulnerability</td> </tr></tbody></table></div> </div> <div class="clearfix text-formatted field field--name-field-adv-resolution field--type-text-long field--label-inline"> <div class="field__label">Resolution</div> <div class="field__item odd field__item--1"><table><thead><tr><th>Product</th> <th>Affected Version(s)</th> <th>Note</th> </tr></thead><tbody><tr><td>Firebox</td> <td>Not Impacted</td> <td>The Firebox does not use a vulnerable version of OpenSSH. Note, some vulnerability scanners may incorrectly report the Firebox's OpenSSH server as vulnerable</td> </tr><tr><td>Dimension</td> <td>Not Impacted</td> <td>Dimension uses a patched version of OpenSSH that is not affected by this vulnerability</td> </tr></tbody></table></div> </div> <div class="field field--name-field-adv-references field--type-link field--label-inline"> <div class="field__label">References</div> <div class='field__items'> <div class="field__item odd field__item--1"><a href="https://blog.qualys.com/vulnerabilities-threat-research/2023/02/03/cve-2023-25136-pre-auth-double-free-vulnerability-in-openssh-server-9-1">https://blog.qualys.com/vulnerabilities-threat-research/2023/02/03/cve-2023-251…</a></div> </div> </div> <div class="field field--name-field-adv-products field--type-entity-reference field--label-above mt-3"> <div class="field__label mb-1">Advisory Product List</div> <div class="striped-table zebra mt-2"> <div class="row head align-items-end"> <div class="d-inline column column--family">Product Family</div> <div class="d-inline column column--branch">Product Branch</div> <div class="d-inline column column--list column--initial">Product List</div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">XTM 8 Series (2nd Gen)</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">XTM850,</span> <span class="field__item">XTM860,</span> <span class="field__item">XTM870,</span> <span class="field__item">XTM870-F</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">XTM 1500 and 2520</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">XTM1520-RP,</span> <span class="field__item">XTM1525-RP,</span> <span class="field__item">XTM2520</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Firebox T (1st Gen)</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">T10,</span> <span class="field__item">T10-W,</span> <span class="field__item">T10-D,</span> <span class="field__item">T30,</span> <span class="field__item">T30-W,</span> <span class="field__item">T50,</span> <span class="field__item">T50-W</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Firebox T (2nd Gen)</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">T15,</span> <span class="field__item">T15-W,</span> <span class="field__item">T35,</span> <span class="field__item">T35-W,</span> <span class="field__item">T35-R,</span> <span class="field__item">T55,</span> <span class="field__item">T55-W,</span> <span class="field__item">T70</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Firebox T (3rd Gen)</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">T20,</span> <span class="field__item">T20-W,</span> <span class="field__item">T40,</span> <span class="field__item">T40-W,</span> <span class="field__item">T80</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Firebox M (1st Gen)</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">M200,</span> <span class="field__item">M300,</span> <span class="field__item">M400,</span> <span class="field__item">M440,</span> <span class="field__item">M500</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Firebox M (2nd Gen)</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">M270,</span> <span class="field__item">M370,</span> <span class="field__item">M470,</span> <span class="field__item">M570,</span> <span class="field__item">M670</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Firebox M (3rd Gen)</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">M290,</span> <span class="field__item">M390,</span> <span class="field__item">M590,</span> <span class="field__item">M690,</span> <span class="field__item">M4800,</span> <span class="field__item">M5800</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">XTMv</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Small,</span> <span class="field__item">Medium,</span> <span class="field__item">Large,</span> <span class="field__item">Datacenter</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">FireboxCloud</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Small,</span> <span class="field__item">Medium,</span> <span class="field__item">Large,</span> <span class="field__item">XLarge</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">FireboxV</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Small,</span> <span class="field__item">Medium,</span> <span class="field__item">Large,</span> <span class="field__item">XLarge</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Firebox T (4th Gen)</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">NV5,</span> <span class="field__item">T25,</span> <span class="field__item">T45,</span> <span class="field__item">T85</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Dimension</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Dimension</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Dimension</span> </div> </div> </div> </div> </div> </div> Wed, 22 Mar 2023 19:51:03 +0000 WatchGuard 80071 at https://www.watchguard.com https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2022-00021 <span class="field field--name-title field--type-string field--label-hidden">OpenSSL CVE-2022-3602 and CVE-2022-3786</span> <div class="field field--name-field-adv-id field--type-string field--label-inline"> <div class="field__label">Advisory ID</div> <div class="field__item odd field__item--1">WGSA-2022-00021</div> </div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span>WatchGuard</span></span> <span class="field field--name-created field--type-created field--label-hidden"><time datetime="2022-11-01T10:01:19-07:00" title="Tuesday, November 1, 2022 - 10:01" class="datetime">Tue, 11/01/2022 - 10:01</time> </span> <div class="field field--name-field-adv-cve field--type-string-long field--label-inline"> <div class="field__label">CVE</div> <div class="field__item odd field__item--1">CVE-2022-3602, CVE-2022-3786</div> </div> <div class="field field--name-field-adv-impact field--type-list-integer field--label-inline"> <div class="field__label">Impact</div> <div class="field__item odd field__item--1">High</div> </div> <div class="field field--name-field-adv-status field--type-list-string field--label-inline"> <div class="field__label">Status</div> <div class="field__item odd field__item--1">Not Applicable</div> </div> <div class="field field--name-field-adv-product-family field--type-entity-reference field--label-inline"> <div class="field__label">Product Family</div> <div class='field__items d-inline'> <span class="field__item">Firebox,</span> <span class="field__item">Endpoint,</span> <span class="field__item">WatchGuard Cloud,</span> <span class="field__item">Dimension,</span> <span class="field__item">Other Software,</span> <span class="field__item">Secure Wi-Fi</span> </div> </div> <div class="field field--name-field-adv-published-date field--type-datetime field--label-inline"> <div class="field__label">Published Date</div> <div class="field__item odd field__item--1"><time datetime="2022-11-01T16:28:48Z" class="datetime">2022-11-01</time> </div> </div> <div class="field field--name-field-adv-updated-date field--type-datetime field--label-inline"> <div class="field__label">Updated Date</div> <div class="field__item odd field__item--1"><time datetime="2023-11-01T14:56:14Z" class="datetime">2023-11-01</time> </div> </div> <div class="field field--name-field-adv-workaround-available field--type-boolean field--label-inline"> <div class="field__label">Workaround Available</div> <div class="field__item odd field__item--1">True</div> </div> <div class="field field--name-field-adv-cvss-score field--type-decimal field--label-inline"> <div class="field__label">CVSS Score</div> <div class="field__item odd field__item--1">9.0</div> </div> <div class="field field--name-field-adv-cvss-vector field--type-string field--label-inline"> <div class="field__label">CVSS Vector</div> <div class="field__item odd field__item--1">TBD</div> </div> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-inline"> <div class="field__label">Summary</div> <div class="field__item odd field__item--1"><p><em>Updated 2 November 2022, 12:22 PDT: Added response for Endpoint products</em></p> <p>On 1 November 2022, OpenSSL disclosed CVE-2022-3602 and CVE-2022-3786, two high severity buffer overflow vulnerabilities in certificate validation present in OpenSSL 3.0.x up to and including 3.0.6. An attacker could exploit either vulnerability with a maliciously-crafted certificate that has been signed by a trusted certificate authority.</p> <p>Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors have led this to be downgraded to HIGH.</p></div> </div> <div class="clearfix text-formatted field field--name-field-adv-affected field--type-text-long field--label-inline"> <div class="field__label">Affected</div> <div class="field__item odd field__item--1"><table><thead><tr><th>Product</th> <th>Affected Version(s)</th> <th>Note</th> </tr></thead><tbody><tr><td>Firebox</td> <td>Not Impacted</td> <td>The Firebox does not use a vulnerable version of OpenSSL</td> </tr><tr><td>WSM</td> <td>Not Impacted</td> <td>WSM does not use a vulnerable version of OpenSSL</td> </tr><tr><td>Dimension</td> <td>Not Impacted</td> <td>Dimension does not use a vulnerable version of OpenSSL</td> </tr><tr><td>Cloud Wi-Fi APs</td> <td>Not Impacted</td> <td>WatchGuard APs do not use a vulnerable version of OpenSSL</td> </tr><tr><td>Endpoint</td> <td>Not Impacted</td> <td>WatchGuard EPDR and Panda AD360 do not use a vulnerable version of OpenSSL</td> </tr></tbody></table></div> </div> <div class="clearfix text-formatted field field--name-field-adv-resolution field--type-text-long field--label-inline"> <div class="field__label">Resolution</div> <div class="field__item odd field__item--1"><table><thead><tr><th>Product</th> <th>Affected Version(s)</th> <th>Note</th> </tr></thead><tbody><tr><td>Firebox</td> <td>Not Impacted</td> <td>The Firebox does not use a vulnerable version of OpenSSL</td> </tr><tr><td>WSM</td> <td>Not Impacted</td> <td>WSM does not use a vulnerable version of OpenSSL</td> </tr><tr><td>Dimension</td> <td>Not Impacted</td> <td>Dimension does not use a vulnerable version of OpenSSL</td> </tr><tr><td>Cloud Wi-Fi APs</td> <td>Not Impacted</td> <td>WatchGuard APs do not use a vulnerable version of OpenSSL</td> </tr><tr><td>Endpoint</td> <td>Not Impacted</td> <td>WatchGuard EPDR and Panda AD360 do not use a vulnerable version of OpenSSL</td> </tr></tbody></table></div> </div> <div class="field field--name-field-adv-references field--type-link field--label-inline"> <div class="field__label">References</div> <div class='field__items'> <div class="field__item odd field__item--1"><a href="https://www.openssl.org/news/secadv/20221101.txt">https://www.openssl.org/news/secadv/20221101.txt</a></div> </div> </div> <div class="field field--name-field-adv-products field--type-entity-reference field--label-above mt-3"> <div class="field__label mb-1">Advisory Product List</div> <div class="striped-table zebra mt-2"> <div class="row head align-items-end"> <div class="d-inline column column--family">Product Family</div> <div class="d-inline column column--branch">Product Branch</div> <div class="d-inline column column--list column--initial">Product List</div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">XTM 8 Series (2nd Gen)</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">XTM850,</span> <span class="field__item">XTM860,</span> <span class="field__item">XTM870,</span> <span class="field__item">XTM870-F</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Firebox T (1st Gen)</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">T10,</span> <span class="field__item">T10-W,</span> <span class="field__item">T10-D,</span> <span class="field__item">T30,</span> <span class="field__item">T30-W,</span> <span class="field__item">T50,</span> <span class="field__item">T50-W</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">XTM 1500 and 2520</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">XTM1520-RP,</span> <span class="field__item">XTM1525-RP,</span> <span class="field__item">XTM2520</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Firebox T (3rd Gen)</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">T20,</span> <span class="field__item">T20-W,</span> <span class="field__item">T40,</span> <span class="field__item">T40-W,</span> <span class="field__item">T80</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Firebox M (1st Gen)</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">M200,</span> <span class="field__item">M300,</span> <span class="field__item">M400,</span> <span class="field__item">M440,</span> <span class="field__item">M500</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Firebox M (2nd Gen)</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">M270,</span> <span class="field__item">M370,</span> <span class="field__item">M470,</span> <span class="field__item">M570,</span> <span class="field__item">M670</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Firebox T (2nd Gen)</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">T15,</span> <span class="field__item">T15-W,</span> <span class="field__item">T35,</span> <span class="field__item">T35-W,</span> <span class="field__item">T35-R,</span> <span class="field__item">T55,</span> <span class="field__item">T55-W,</span> <span class="field__item">T70</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Firebox M (3rd Gen)</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">M290,</span> <span class="field__item">M390,</span> <span class="field__item">M590,</span> <span class="field__item">M690,</span> <span class="field__item">M4800,</span> <span class="field__item">M5800</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">FireboxV</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Small,</span> <span class="field__item">Medium,</span> <span class="field__item">Large,</span> <span class="field__item">XLarge</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">XTMv</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Small,</span> <span class="field__item">Medium,</span> <span class="field__item">Large,</span> <span class="field__item">Datacenter</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">FireboxCloud</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Small,</span> <span class="field__item">Medium,</span> <span class="field__item">Large,</span> <span class="field__item">XLarge</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Endpoint</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Panda Dome</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Essential,</span> <span class="field__item">Advanced,</span> <span class="field__item">Complete,</span> <span class="field__item">Premium</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Endpoint</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Panda AD360</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">AD360</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Endpoint</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">WatchGuard EPDR</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">EPP,</span> <span class="field__item">EDR,</span> <span class="field__item">EPDR</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">WatchGuard Cloud</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">WatchGuard Cloud</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">WatchGuard Cloud</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Dimension</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Dimension</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Dimension</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Other Software</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">WatchGuard System Manager (WSM)</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">WSM</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Secure Wi-Fi</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Wi-Fi 6</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">AP130,</span> <span class="field__item">AP330,</span> <span class="field__item">AP430CR,</span> <span class="field__item">AP432</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Secure Wi-Fi</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Wi-Fi 4 &amp; 5</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">AP322,</span> <span class="field__item">AP420,</span> <span class="field__item">AP125,</span> <span class="field__item">AP225W,</span> <span class="field__item">AP325,</span> <span class="field__item">AP327X</span> </div> </div> </div> </div> </div> </div> Tue, 01 Nov 2022 17:01:19 +0000 WatchGuard 71886 at https://www.watchguard.com https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2022-00020 <span class="field field--name-title field--type-string field--label-hidden">OpenVPN Unauthenticated Access To Control Channel Data (CVE-2020-15078)</span> <div class="field field--name-field-adv-id field--type-string field--label-inline"> <div class="field__label">Advisory ID</div> <div class="field__item odd field__item--1">WGSA-2022-00020</div> </div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span>WatchGuard</span></span> <span class="field field--name-created field--type-created field--label-hidden"><time datetime="2022-07-05T07:50:01-07:00" title="Tuesday, July 5, 2022 - 07:50" class="datetime">Tue, 07/05/2022 - 07:50</time> </span> <div class="field field--name-field-adv-cve field--type-string-long field--label-inline"> <div class="field__label">CVE</div> <div class="field__item odd field__item--1">CVE-2020-15078</div> </div> <div class="field field--name-field-adv-impact field--type-list-integer field--label-inline"> <div class="field__label">Impact</div> <div class="field__item odd field__item--1">High</div> </div> <div class="field field--name-field-adv-status field--type-list-string field--label-inline"> <div class="field__label">Status</div> <div class="field__item odd field__item--1">Investigating</div> </div> <div class="field field--name-field-adv-product-family field--type-entity-reference field--label-inline"> <div class="field__label">Product Family</div> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> <div class="field field--name-field-adv-published-date field--type-datetime field--label-inline"> <div class="field__label">Published Date</div> <div class="field__item odd field__item--1"><time datetime="2022-07-05T14:42:51Z" class="datetime">2022-07-05</time> </div> </div> <div class="field field--name-field-adv-updated-date field--type-datetime field--label-inline"> <div class="field__label">Updated Date</div> <div class="field__item odd field__item--1"><time datetime="2022-07-05T17:37:20Z" class="datetime">2022-07-05</time> </div> </div> <div class="field field--name-field-adv-workaround-available field--type-boolean field--label-inline"> <div class="field__label">Workaround Available</div> <div class="field__item odd field__item--1">True</div> </div> <div class="field field--name-field-adv-cvss-score field--type-decimal field--label-inline"> <div class="field__label">CVSS Score</div> <div class="field__item odd field__item--1">7.5</div> </div> <div class="field field--name-field-adv-cvss-vector field--type-string field--label-inline"> <div class="field__label">CVSS Vector</div> <div class="field__item odd field__item--1"> CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N</div> </div> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-inline"> <div class="field__label">Summary</div> <div class="field__item odd field__item--1"><p>A bug found in OpenVPN that may also apply to Watchguard Mobile VPN could allow a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication which can be used to potentially trigger further information leaks. Based off the limited vulnerability details we believe this vulnerability may impact Fireware OS releases after 12.5.3 and have updated the version of OpenSSL included in Fireware OS 12.8.1 out of an abundance of caution.</p></div> </div> <div class="clearfix text-formatted field field--name-field-adv-affected field--type-text-long field--label-inline"> <div class="field__label">Affected</div> <div class="field__item odd field__item--1"><p>Fireware OS before 12.8.1 and 12.5.3 up to and including 12.5.10.</p> <p><em>Note: Firebox Fireware OS 12.1.x and before is <strong>not</strong> vulnerable</em></p></div> </div> <div class="clearfix text-formatted field field--name-field-adv-resolution field--type-text-long field--label-inline"> <div class="field__label">Resolution</div> <div class="field__item odd field__item--1"><p>Resolved in Fireware OS 12.8.1 release</p></div> </div> <div class="field field--name-field-adv-references field--type-link field--label-inline"> <div class="field__label">References</div> <div class='field__items'> <div class="field__item odd field__item--1"><a href="https://community.openvpn.net/openvpn/wiki/CVE-2020-15078">https://community.openvpn.net/openvpn/wiki/CVE-2020-15078</a></div> </div> </div> <div class="field field--name-field-adv-products field--type-entity-reference field--label-above mt-3"> <div class="field__label mb-1">Advisory Product List</div> <div class="striped-table zebra mt-2"> <div class="row head align-items-end"> <div class="d-inline column column--family">Product Family</div> <div class="d-inline column column--branch">Product Branch</div> <div class="d-inline column column--list column--initial">Product List</div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Firebox T (2nd Gen)</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">T15,</span> <span class="field__item">T15-W,</span> <span class="field__item">T35,</span> <span class="field__item">T35-W,</span> <span class="field__item">T35-R,</span> <span class="field__item">T55,</span> <span class="field__item">T55-W,</span> <span class="field__item">T70</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Firebox T (3rd Gen)</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">T20,</span> <span class="field__item">T20-W,</span> <span class="field__item">T40,</span> <span class="field__item">T40-W,</span> <span class="field__item">T80</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Firebox M (2nd Gen)</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">M270,</span> <span class="field__item">M370,</span> <span class="field__item">M470,</span> <span class="field__item">M570,</span> <span class="field__item">M670</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Firebox M (3rd Gen)</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">M290,</span> <span class="field__item">M390,</span> <span class="field__item">M590,</span> <span class="field__item">M690,</span> <span class="field__item">M4800,</span> <span class="field__item">M5800</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">FireboxV</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Small,</span> <span class="field__item">Medium,</span> <span class="field__item">Large,</span> <span class="field__item">XLarge</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">FireboxCloud</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Small,</span> <span class="field__item">Medium,</span> <span class="field__item">Large,</span> <span class="field__item">XLarge</span> </div> </div> </div> </div> </div> </div> Tue, 05 Jul 2022 14:50:01 +0000 WatchGuard 68231 at https://www.watchguard.com https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2022-00019 <span class="field field--name-title field--type-string field--label-hidden">Firebox Limited Authenticated Arbitrary File Read/Write Vulnerability</span> <div class="field field--name-field-adv-id field--type-string field--label-inline"> <div class="field__label">Advisory ID</div> <div class="field__item odd field__item--1">WGSA-2022-00019</div> </div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span>WatchGuard</span></span> <span class="field field--name-created field--type-created field--label-hidden"><time datetime="2022-06-23T13:50:01-07:00" title="Thursday, June 23, 2022 - 13:50" class="datetime">Thu, 06/23/2022 - 13:50</time> </span> <div class="field field--name-field-adv-cve field--type-string-long field--label-inline"> <div class="field__label">CVE</div> <div class="field__item odd field__item--1">CVE-2022-31749</div> </div> <div class="field field--name-field-adv-impact field--type-list-integer field--label-inline"> <div class="field__label">Impact</div> <div class="field__item odd field__item--1">Medium</div> </div> <div class="field field--name-field-adv-status field--type-list-string field--label-inline"> <div class="field__label">Status</div> <div class="field__item odd field__item--1">Resolved</div> </div> <div class="field field--name-field-adv-product-family field--type-entity-reference field--label-inline"> <div class="field__label">Product Family</div> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> <div class="field field--name-field-adv-published-date field--type-datetime field--label-inline"> <div class="field__label">Published Date</div> <div class="field__item odd field__item--1"><time datetime="2022-06-23T20:47:51Z" class="datetime">2022-06-23</time> </div> </div> <div class="field field--name-field-adv-updated-date field--type-datetime field--label-inline"> <div class="field__label">Updated Date</div> <div class="field__item odd field__item--1"><time datetime="2022-06-17T22:54:21Z" class="datetime">2022-06-17</time> </div> </div> <div class="field field--name-field-adv-workaround-available field--type-boolean field--label-inline"> <div class="field__label">Workaround Available</div> <div class="field__item odd field__item--1">False</div> </div> <div class="field field--name-field-adv-cvss-score field--type-decimal field--label-inline"> <div class="field__label">CVSS Score</div> <div class="field__item odd field__item--1">6.5</div> </div> <div class="field field--name-field-adv-cvss-vector field--type-string field--label-inline"> <div class="field__label">CVSS Vector</div> <div class="field__item odd field__item--1">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N</div> </div> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-inline"> <div class="field__label">Summary</div> <div class="field__item odd field__item--1"><p>WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to upload or read files to limited, arbitrary locations.</p></div> </div> <div class="clearfix text-formatted field field--name-field-adv-affected field--type-text-long field--label-inline"> <div class="field__label">Affected</div> <div class="field__item odd field__item--1"><p>Fireware OS before 12.8.1, 12.x before 12.1.4, and 12.2.x through 12.5.x before 12.5.10</p></div> </div> <div class="clearfix text-formatted field field--name-field-adv-resolution field--type-text-long field--label-inline"> <div class="field__label">Resolution</div> <div class="field__item odd field__item--1"><p>Fireware OS 12.8.1, 12.5.10, 12.1.4</p></div> </div> <div class="field field--name-field-adv-credits field--type-string field--label-inline"> <div class="field__label">Credits</div> <div class='field__items d-inline'> <span class="field__item">Jake Baines of Rapid7</span> </div> </div> <div class="field field--name-field-adv-products field--type-entity-reference field--label-above mt-3"> <div class="field__label mb-1">Advisory Product List</div> <div class="striped-table zebra mt-2"> <div class="row head align-items-end"> <div class="d-inline column column--family">Product Family</div> <div class="d-inline column column--branch">Product Branch</div> <div class="d-inline column column--list column--initial">Product List</div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">XTM 8 Series (2nd Gen)</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">XTM850,</span> <span class="field__item">XTM860,</span> <span class="field__item">XTM870,</span> <span class="field__item">XTM870-F</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">XTM 1500 and 2520</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">XTM1520-RP,</span> <span class="field__item">XTM1525-RP,</span> <span class="field__item">XTM2520</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Firebox T (1st Gen)</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">T10,</span> <span class="field__item">T10-W,</span> <span class="field__item">T10-D,</span> <span class="field__item">T30,</span> <span class="field__item">T30-W,</span> <span class="field__item">T50,</span> <span class="field__item">T50-W</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Firebox T (2nd Gen)</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">T15,</span> <span class="field__item">T15-W,</span> <span class="field__item">T35,</span> <span class="field__item">T35-W,</span> <span class="field__item">T35-R,</span> <span class="field__item">T55,</span> <span class="field__item">T55-W,</span> <span class="field__item">T70</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Firebox M (1st Gen)</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">M200,</span> <span class="field__item">M300,</span> <span class="field__item">M400,</span> <span class="field__item">M440,</span> <span class="field__item">M500</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Firebox M (2nd Gen)</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">M270,</span> <span class="field__item">M370,</span> <span class="field__item">M470,</span> <span class="field__item">M570,</span> <span class="field__item">M670</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Firebox T (3rd Gen)</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">T20,</span> <span class="field__item">T20-W,</span> <span class="field__item">T40,</span> <span class="field__item">T40-W,</span> <span class="field__item">T80</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">Firebox M (3rd Gen)</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">M290,</span> <span class="field__item">M390,</span> <span class="field__item">M590,</span> <span class="field__item">M690,</span> <span class="field__item">M4800,</span> <span class="field__item">M5800</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">XTMv</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Small,</span> <span class="field__item">Medium,</span> <span class="field__item">Large,</span> <span class="field__item">Datacenter</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">FireboxV</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Small,</span> <span class="field__item">Medium,</span> <span class="field__item">Large,</span> <span class="field__item">XLarge</span> </div> </div> </div> </div> <div class="node node--type-advisory-product-branch row align-items-center"> <div class="d-inline column column--family"><div class="field field--name-field-adv-product-family field--type-entity-reference field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Firebox</span> </div> </div> </div> <div class="d-inline column column--branch"><span class="field field--name-title field--type-string field--label-hidden">FireboxCloud</span> </div> <div class="d-inline column column--list column--initial"><div class="field field--name-field-adv-product-list field--type-string field--label-hidden"> <div class='field__items d-inline'> <span class="field__item">Small,</span> <span class="field__item">Medium,</span> <span class="field__item">Large,</span> <span class="field__item">XLarge</span> </div> </div> </div> </div> </div> </div> Thu, 23 Jun 2022 20:50:01 +0000 WatchGuard 67796 at https://www.watchguard.com