CVE-2022-26318
In short
An unauthenticated attacker can execute arbitrary code on WatchGuard Firebox and XTM firewall appliances. This is critical because it allows complete compromise of the firewall, which is supposed to be a trusted security barrier.
Technical detail
WatchGuard Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2 is affected by an unauthenticated remote code execution vulnerability. The attack vector is network-based and requires no prior authentication or user interaction, resulting in complete system compromise.
Summary generated and translated by AI from the official description.
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
Public PoCs found — 4
github.com/misterxid/watchguard_cve-2022-26318 ★ 11
github.com/h3llk4t3/Watchguard-RCE-POC-CVE-2022-26318 ★ 2
github.com/BabyTeam1024/CVE-2022-26318 ★ 2
github.com/egilas/Watchguard-RCE-POC-CVE-2022-26318 ★ 0
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.