SB2022030458 - Multiple vulnerabilities in WatchGuard Fireware OS

Description

This security bulletin contains information about 7 secuirty vulnerabilities.

1) OS Command Injection (CVE-ID: CVE-2022-26318)

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation. A remote unauthenticated attacker can send a specially crafted XML-RPC request to the /agent/ endpoint and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-25290)

The vulnerability allows a remote user to obtain private certificate keys.

The vulnerability exists due to missing permissions checks. A remote authenticated user can retrieve certificate private keys.

3) Integer overflow (CVE-ID: CVE-2022-25291)

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow. A remote user can initiate a firmware update with a malicious upgrade image, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

4) Stack-based buffer overflow (CVE-ID: CVE-2022-25292)

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in wgagent. A remote user can initiate a firmware update with a malicious upgrade image, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

5) Stack-based buffer overflow (CVE-ID: CVE-2022-25293)

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in systemd. A remote user can initiate a firmware update with a malicious upgrade image, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

6) Arbitrary file upload (CVE-ID: CVE-2022-25360)

The vulnerability allows a remote user to compromise vulnerable system.

The vulnerability exists due to insufficient validation of file during file upload. A remote user can upload a malicious file and execute it on the server.

7) Improper access control (CVE-ID: CVE-2022-25363)

The vulnerability allows a remote user to modify credentials of other users.

The vulnerability exists due to improper access restrictions. A remote user can modify privileged management user credentials and compromise the affected system.

Remediation

Install update from vendor's website.

References

• https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_7_2/index.html#Fireware/en-US/resolved_issues.html