Medium severity5.3NVD Advisory· Published Apr 22, 2017· Updated May 13, 2026

CVE-2017-8056

Description

WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity (XXE), in the XML-RPC agent. This causes the Firebox wgagent process to crash. This process crash ends all authenticated sessions to the Firebox, including management connections, and prevents new authenticated sessions until the process has recovered. The Firebox may also experience an overall degradation in performance while the wgagent process recovers. An attacker could continuously send XML-RPC requests that contain references to external entities to perform a limited Denial of Service (DoS) attack against an affected Firebox.

Affected products

WatchGuard/Fireware
cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*
Range: <=11.2.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/142177/watchguardfbxtm-xxeinject.txtnvdExploitThird Party AdvisoryVDB Entry
www.sidertia.com/Home/Community/Blog/2017/04/17/Fixed-the-Fireware-Vulnerabilities-discovered-by-SidertianvdExploitThird Party Advisory
watchguardsupport.force.com/publicKBnvdVendor Advisory
www.watchguard.com/support/release-notes/fireware/11/en-US/EN_ReleaseNotes_Fireware_11_12_2/index.htmlnvdRelease NotesVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.009
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000