Medium severity5.3NVD Advisory· Published Apr 22, 2017· Updated May 13, 2026

CVE-2017-8055

Description

WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier returns different responses for valid and invalid usernames. An attacker could exploit this vulnerability to enumerate valid usernames on an affected Firebox.

Affected products

WatchGuard/Fireware
cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*
Range: <=11.2.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/142177/watchguardfbxtm-xxeinject.txtnvdExploitThird Party AdvisoryVDB Entry
www.sidertia.com/Home/Community/Blog/2017/04/17/Fixed-the-Fireware-Vulnerabilities-discovered-by-SidertianvdExploitThird Party Advisory
watchguardsupport.force.com/publicKBnvdVendor Advisory
www.watchguard.com/support/release-notes/fireware/11/en-US/EN_ReleaseNotes_Fireware_11_12_2/index.htmlnvdRelease NotesVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000