XXE attack in WatchGuard Fireware

#VU8533 XXE attack in WatchGuard Fireware

Published: 2017-09-20

Vulnerability identifier: #VU8533

Vulnerability risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-611

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
WatchGuard Fireware
Hardware solutions / Firmware

Vendor: WatchGuard

Description
The vulnerability allows a remote attacker to conduct XXE attack.

The weakness exists due to input validation flaw when handling XML message containing an empty member tag. A remote attacker can send a specially crafted login request to the XML-RPC interface, trigger the target wgagent service to crash and cause all user interface sessions to be logged out.

Successful exploitation of the vulnerability results in denial of service.

Mitigation
Update to version 12.0.

Vulnerable software versions

WatchGuard Fireware: 11.3 - 11.12.4

External links
http://www.sidertia.com/Home/Community/Blog/2017/09/18/Fixed-Fireware-XXE-DOS-and-stored-XSS-vulner...

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Two vulnerabilities in WatchGuard Fireware