WatchGuard Firebox and XTM appliances allow an authenticated remote attacker to read arbitrary text files from the filesystem via the Fireware management command line interface.
Fireware OS before 12.9.3
Fireware OS 12.9.3
In order to successfully exploit this vulnerability, an attacker must successfully authenticate using a management account (read-only or read-write) to the Fireware command line interface. Firebox administrators should follow the best practices described here to securely enable remote Firebox management where needed.
Reported by independent security researcher Ren9IE