Vendor CVEs
WatchGuard
All CVEs
120 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-10575 | Cri | 0.67 | 9.8 | 0.09 | Apr 30, 2018 | An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Hardcoded credentials exist for an unprivileged SSH account with a shell of /bin/false. | ||
| CVE-2018-10578 | Cri | 0.64 | 9.8 | 0.01 | May 2, 2018 | An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. Incorrect validation of the "old password" field in the change password form allows an attacker to bypass validation of this… | ||
| CVE-2018-10577 | Hig | 0.61 | 8.8 | 0.07 | May 2, 2018 | An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. File upload functionality allows any users authenticated on the web interface to upload files containing code to the web root,… | ||
| CVE-2015-2878 | Hig | 0.61 | 8.8 | 0.04 | Oct 23, 2017 | Multiple cross-site request forgery (CSRF) vulnerabilities in Hexis HawkEye G 3.0.1.4912 allow remote attackers to hijack the authentication of administrators for requests that (1) add arbitrary accounts via the name parameter to interface/rest/accounts/json; turn off the (2)… | ||
| CVE-2025-4106 | Hig | 0.58 | — | 0.00 | Oct 24, 2025 | An authenticated admin user with access to both the management WebUI and command line interface on a Firebox can enable a diagnostic debug shell by uploading a platform and version-specific diagnostic package and executing a leftover diagnostic command. This issue affects… | ||
| CVE-2026-3987 | Hig | 0.56 | — | 0.01 | Apr 1, 2026 | A path traversal vulnerability in the Fireware OS Web UI on WatchGuard Firebox systems may allow a privileged authenticated remote attacker to execute arbitrary code in the context of an elevated system process.This issue affects Fireware OS 12.6.1 up to and including 12.11.8… | ||
| CVE-2018-10576 | Hig | 0.54 | 7.8 | 0.02 | Apr 30, 2018 | An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Improper authentication handling by the native Access Point web UI allows authentication using a local system account (instead of the dedicated web-only user). | ||
| CVE-2016-7089 | Hig | 0.54 | 7.8 | 0.01 | Aug 24, 2016 | WatchGuard RapidStream appliances allow local users to gain privileges and execute arbitrary commands via a crafted ifconfig command, aka ESCALATEPLOWMAN. | ||
| CVE-2016-3943 | Hig | 0.54 | 7.8 | 0.01 | Apr 18, 2016 | Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which allows local users to gain SYSTEM privileges by modifying an executable module. | ||
| CVE-2015-7378 | Hig | 0.54 | 7.8 | 0.01 | Apr 18, 2016 | Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "Panda Security URL Filtering" directory and installed files, which allows local users to gain SYSTEM privileges by modifying Panda_URL_Filteringb.exe. | ||
| CVE-2026-6788 | Hig | 0.51 | 7.8 | 0.00 | May 6, 2026 | Uncontrolled Search Path Element vulnerability in WatchGuard Agent on Windows allows Using Malicious Files.This issue affects WatchGuard Agent before 1.25.03.0000. | ||
| CVE-2026-6787 | Hig | 0.51 | 7.8 | 0.00 | May 6, 2026 | Use of Hard-coded Cryptographic Key vulnerability in WatchGuard Agent on Windows allows Inclusion of Code in Existing Process.This issue affects WatchGuard Agent: before 1.25.03.0000. | ||
| CVE-2026-41288 | Hig | 0.51 | 7.8 | 0.00 | May 6, 2026 | Incorrect permission assignment for a resource in the patch management component of the WatchGuard Agent on Windows allows an authenticated local user to elevate their privileges to NT AUTHORITY\\SYSTEM. | ||
| CVE-2025-57624 | Hig | 0.51 | 7.8 | 0.00 | Sep 16, 2025 | A DLL hijacking vulnerability in CYRISMA Agent before 444 allows local users to escalate privileges and execute arbitrary code via multiple DLLs. | ||
| CVE-2025-24864 | Hig | 0.51 | 7.8 | 0.00 | Mar 6, 2025 | Incorrect access permission of a specific folder issue exists in RemoteView Agent (for Windows) versions prior to v8.1.5.2. If this vulnerability is exploited, a non-administrative user on the remote PC may execute an arbitrary OS command with LocalSystem privilege. | ||
| CVE-2024-8424 | Hig | 0.51 | 7.8 | 0.00 | Nov 8, 2024 | Improper Privilege Management vulnerability in WatchGuard EPDR, Panda AD360 and Panda Dome on Windows (PSANHost.exe module) allows arbitrary file delete with SYSTEM permissions. This issue affects EPDR: before 8.00.23.0000; Panda AD360: before 8.00.23.0000; Panda Dome: before… | ||
| CVE-2024-1417 | Hig | 0.51 | 7.8 | 0.01 | May 16, 2024 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in WatchGuard AuthPoint Password Manager on MacOS allows an a adversary with local access to execute code under the context of the AuthPoint Password Manager application. This issue… | ||
| CVE-2017-14616 | Hig | 0.49 | 7.5 | 0.02 | Sep 20, 2017 | An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0. If a login attempt is made in the XML-RPC interface with an XML message containing an empty member element, the wgagent crashes, logging out any user with a session opened in the UI. By continuously executing… | ||
| CVE-2025-27237 | Hig | 0.47 | — | 0.00 | Oct 3, 2025 | In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL. | ||
| CVE-2026-1498 | Hig | 0.46 | — | 0.01 | Jan 30, 2026 | An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed authentication or management web interface. This vulnerability may also allow a… | ||
| CVE-2025-6999 | Med | 0.45 | — | 0.01 | Sep 15, 2025 | An HTTP Request Smuggling [CWE-444] vulnerability in the Authentication portal of WatchGuard Fireware OS allows a remote attacker to evade request parameter sanitation and perform a reflected self-Cross-Site Scripting (XSS) attack.This issue affects Fireware OS: from 12.0… | ||
| CVE-2026-41286 | Med | 0.42 | 6.5 | 0.00 | May 6, 2026 | Stack-based Buffer Overflow vulnerability in the WatchGuard Agent discovery service on Windows allows Overflow Buffers. An unauthenticated attacker on the same local network could exploit this vulnerability to crash the agent service. | ||
| CVE-2026-41287 | Med | 0.42 | 6.5 | 0.00 | May 6, 2026 | Stack-based Buffer Overflow vulnerability in the WatchGuard Agent discovery service on Windows allows Overflow Buffers. An unauthenticated attacker on the same local network could exploit this vulnerability to crash the agent service. | ||
| CVE-2025-67545 | Med | 0.42 | 6.5 | 0.00 | Dec 9, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FirePlugins FireBox firebox allows Stored XSS.This issue affects FireBox: from n/a through <= 3.1.0-free. | ||
| CVE-2022-31749 | Med | 0.42 | 6.5 | 0.01 | Jan 28, 2025 | An argument injection vulnerability in the diagnose and import pac commands in WatchGuard Fireware OS before 12.8.1, 12.1.4, and 12.5.10 allows an authenticated remote attacker with unprivileged credentials to upload or read files to limited, arbitrary locations on WatchGuard… | ||
| CVE-2025-1910 | Med | 0.41 | — | 0.00 | Dec 4, 2025 | The WatchGuard Mobile VPN with SSL Client on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM on the Windows machine where the VPN Client is installed.This issue affects the Mobile VPN with SSL Client… | ||
| CVE-2025-1549 | Med | 0.41 | — | 0.00 | Oct 29, 2025 | A local privilege escalation vulnerability in the WatchGuard Mobile VPN with SSL client on Windows enables a local user to execute arbitrary commands with elevated privileges on the Windows system. This vulnerability is an additional unmitigated attack path for CVE-2024-4944. … | ||
| CVE-2025-2781 | Med | 0.41 | — | 0.00 | Mar 28, 2025 | The WatchGuard Mobile VPN with SSL Client on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system. This issue affects… | ||
| CVE-2017-14615 | Med | 0.40 | 6.1 | 0.01 | Sep 20, 2017 | An FBX-5313 issue was discovered in WatchGuard Fireware before 12.0. When a failed login attempt is made to the login endpoint of the XML-RPC interface, if JavaScript code, properly encoded to be consumed by XML parsers, is embedded as value of the user element, the code will be… | ||
| CVE-2017-8060 | Med | 0.38 | 5.9 | 0.01 | May 5, 2017 | Acceptance of invalid/self-signed TLS certificates in "Panda Mobile Security" 1.1 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call. | ||
| CVE-2017-8339 | Med | 0.36 | 5.5 | 0.00 | Apr 30, 2017 | PSKMAD.sys in Panda Free Antivirus 18.0 allows local users to cause a denial of service (BSoD) via a crafted DeviceIoControl request to \\.\PSMEMDriver. | ||
| CVE-2017-8056 | Med | 0.35 | 5.3 | 0.05 | Apr 22, 2017 | WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity (XXE), in the XML-RPC agent. This causes the Firebox wgagent process to crash. This process crash ends all authenticated sessions to the Firebox, including management connections,… | ||
| CVE-2017-8055 | Med | 0.35 | 5.3 | 0.02 | Apr 22, 2017 | WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier returns different responses for valid and invalid usernames. An attacker could… | ||
| CVE-2025-6947 | Med | 0.31 | — | 0.00 | Sep 15, 2025 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the SIP Proxy module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This… | ||
| CVE-2025-4805 | Med | 0.31 | — | 0.00 | May 16, 2025 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Fireware OS:… | ||
| CVE-2025-4804 | Med | 0.31 | — | 0.00 | May 16, 2025 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This… | ||
| CVE-2025-1239 | Med | 0.31 | — | 0.00 | Feb 14, 2025 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the Blocked Sites list. This vulnerability requires an authenticated administrator session to a locally managed Firebox.This… | ||
| CVE-2022-26318 | 0.22 | — | 0.78 | KEV | Mar 4, 2022 | On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. | ||
| CVE-2025-9242 | 0.18 | — | 0.86 | KEV | Sep 17, 2025 | An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway… | ||
| CVE-2025-14733 | 0.14 | — | 0.18 | KEV | Dec 19, 2025 | An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway… | ||
| CVE-2022-23176 | 0.13 | — | 0.12 | KEV | Feb 24, 2022 | WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access. This vulnerability impacts Fireware OS before 12.7.2_U1, 12.x before 12.1.3_U3, and 12.2.x through… | ||
| CVE-2015-5453 | 0.08 | — | 0.57 | Jul 8, 2015 | Watchguard XCS 9.2 and 10.0 before build 150522 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the id parameter to ADMIN/mailqueue.spl. | |||
| CVE-2013-6021 | 0.04 | — | 0.12 | Oct 19, 2013 | Buffer overflow in WGagent in WatchGuard WSM and Fireware before 11.8 allows remote attackers to execute arbitrary code via a long sessionid value in a cookie. | |||
| CVE-2015-5452 | 0.03 | — | 0.03 | Jul 8, 2015 | SQL injection vulnerability in Watchguard XCS 9.2 and 10.0 before build 150522 allows remote attackers to execute arbitrary SQL commands via the sid cookie, as demonstrated by a request to borderpost/imp/compose.php3. | |||
| CVE-2013-5701 | 0.03 | — | 0.01 | Oct 3, 2013 | Multiple untrusted search path vulnerabilities in (1) Watchguard Log Collector (wlcollector.exe) and (2) Watchguard WebBlocker Server (wbserver.exe) in WatchGuard Server Center 11.7.4, 11.7.3, and possibly earlier allow local users to gain privileges via a Trojan horse wgpr.dll… | |||
| CVE-2011-2165 | 0.03 | — | 0.05 | May 23, 2011 | The STARTTLS implementation in WatchGuard XCS 9.0 and 9.1 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a… | |||
| CVE-2001-0049 | 0.03 | — | 0.03 | Feb 16, 2001 | WatchGuard SOHO FireWall 2.2.1 and earlier allows remote attackers to cause a denial of service via a large number of GET requests. | |||
| CVE-2024-5974 | 0.01 | — | 0.01 | Jul 9, 2024 | A buffer overflow in WatchGuard Fireware OS could may allow an authenticated remote attacker with privileged management access to execute arbitrary code with system privileges on the firewall. This issue affects Fireware OS: from 11.9.6 through 12.10.3. | |||
| CVE-2020-10532 | 0.01 | — | 0.03 | Mar 12, 2020 | The AD Helper component in WatchGuard Fireware before 5.8.5.10317 allows remote attackers to discover cleartext passwords via the /domains/list URI. | |||
| CVE-2005-1214 | 0.01 | — | 0.13 | Jun 14, 2005 | Microsoft Agent allows remote attackers to spoof trusted Internet content and execute arbitrary code by disguising security prompts on a malicious Web page. |
- risk 0.67cvss 9.8epss 0.09
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Hardcoded credentials exist for an unprivileged SSH account with a shell of /bin/false.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. Incorrect validation of the "old password" field in the change password form allows an attacker to bypass validation of this…
- risk 0.61cvss 8.8epss 0.07
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. File upload functionality allows any users authenticated on the web interface to upload files containing code to the web root,…
- risk 0.61cvss 8.8epss 0.04
Multiple cross-site request forgery (CSRF) vulnerabilities in Hexis HawkEye G 3.0.1.4912 allow remote attackers to hijack the authentication of administrators for requests that (1) add arbitrary accounts via the name parameter to interface/rest/accounts/json; turn off the (2)…
- risk 0.58cvss —epss 0.00
An authenticated admin user with access to both the management WebUI and command line interface on a Firebox can enable a diagnostic debug shell by uploading a platform and version-specific diagnostic package and executing a leftover diagnostic command. This issue affects…
- risk 0.56cvss —epss 0.01
A path traversal vulnerability in the Fireware OS Web UI on WatchGuard Firebox systems may allow a privileged authenticated remote attacker to execute arbitrary code in the context of an elevated system process.This issue affects Fireware OS 12.6.1 up to and including 12.11.8…
- risk 0.54cvss 7.8epss 0.02
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Improper authentication handling by the native Access Point web UI allows authentication using a local system account (instead of the dedicated web-only user).
- risk 0.54cvss 7.8epss 0.01
WatchGuard RapidStream appliances allow local users to gain privileges and execute arbitrary commands via a crafted ifconfig command, aka ESCALATEPLOWMAN.
- risk 0.54cvss 7.8epss 0.01
Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which allows local users to gain SYSTEM privileges by modifying an executable module.
- risk 0.54cvss 7.8epss 0.01
Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "Panda Security URL Filtering" directory and installed files, which allows local users to gain SYSTEM privileges by modifying Panda_URL_Filteringb.exe.
- risk 0.51cvss 7.8epss 0.00
Uncontrolled Search Path Element vulnerability in WatchGuard Agent on Windows allows Using Malicious Files.This issue affects WatchGuard Agent before 1.25.03.0000.
- risk 0.51cvss 7.8epss 0.00
Use of Hard-coded Cryptographic Key vulnerability in WatchGuard Agent on Windows allows Inclusion of Code in Existing Process.This issue affects WatchGuard Agent: before 1.25.03.0000.
- risk 0.51cvss 7.8epss 0.00
Incorrect permission assignment for a resource in the patch management component of the WatchGuard Agent on Windows allows an authenticated local user to elevate their privileges to NT AUTHORITY\\SYSTEM.
- risk 0.51cvss 7.8epss 0.00
A DLL hijacking vulnerability in CYRISMA Agent before 444 allows local users to escalate privileges and execute arbitrary code via multiple DLLs.
- risk 0.51cvss 7.8epss 0.00
Incorrect access permission of a specific folder issue exists in RemoteView Agent (for Windows) versions prior to v8.1.5.2. If this vulnerability is exploited, a non-administrative user on the remote PC may execute an arbitrary OS command with LocalSystem privilege.
- risk 0.51cvss 7.8epss 0.00
Improper Privilege Management vulnerability in WatchGuard EPDR, Panda AD360 and Panda Dome on Windows (PSANHost.exe module) allows arbitrary file delete with SYSTEM permissions. This issue affects EPDR: before 8.00.23.0000; Panda AD360: before 8.00.23.0000; Panda Dome: before…
- risk 0.51cvss 7.8epss 0.01
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in WatchGuard AuthPoint Password Manager on MacOS allows an a adversary with local access to execute code under the context of the AuthPoint Password Manager application. This issue…
- risk 0.49cvss 7.5epss 0.02
An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0. If a login attempt is made in the XML-RPC interface with an XML message containing an empty member element, the wgagent crashes, logging out any user with a session opened in the UI. By continuously executing…
- risk 0.47cvss —epss 0.00
In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL.
- risk 0.46cvss —epss 0.01
An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed authentication or management web interface. This vulnerability may also allow a…
- risk 0.45cvss —epss 0.01
An HTTP Request Smuggling [CWE-444] vulnerability in the Authentication portal of WatchGuard Fireware OS allows a remote attacker to evade request parameter sanitation and perform a reflected self-Cross-Site Scripting (XSS) attack.This issue affects Fireware OS: from 12.0…
- risk 0.42cvss 6.5epss 0.00
Stack-based Buffer Overflow vulnerability in the WatchGuard Agent discovery service on Windows allows Overflow Buffers. An unauthenticated attacker on the same local network could exploit this vulnerability to crash the agent service.
- risk 0.42cvss 6.5epss 0.00
Stack-based Buffer Overflow vulnerability in the WatchGuard Agent discovery service on Windows allows Overflow Buffers. An unauthenticated attacker on the same local network could exploit this vulnerability to crash the agent service.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FirePlugins FireBox firebox allows Stored XSS.This issue affects FireBox: from n/a through <= 3.1.0-free.
- risk 0.42cvss 6.5epss 0.01
An argument injection vulnerability in the diagnose and import pac commands in WatchGuard Fireware OS before 12.8.1, 12.1.4, and 12.5.10 allows an authenticated remote attacker with unprivileged credentials to upload or read files to limited, arbitrary locations on WatchGuard…
- risk 0.41cvss —epss 0.00
The WatchGuard Mobile VPN with SSL Client on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM on the Windows machine where the VPN Client is installed.This issue affects the Mobile VPN with SSL Client…
- risk 0.41cvss —epss 0.00
A local privilege escalation vulnerability in the WatchGuard Mobile VPN with SSL client on Windows enables a local user to execute arbitrary commands with elevated privileges on the Windows system. This vulnerability is an additional unmitigated attack path for CVE-2024-4944. …
- risk 0.41cvss —epss 0.00
The WatchGuard Mobile VPN with SSL Client on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system. This issue affects…
- risk 0.40cvss 6.1epss 0.01
An FBX-5313 issue was discovered in WatchGuard Fireware before 12.0. When a failed login attempt is made to the login endpoint of the XML-RPC interface, if JavaScript code, properly encoded to be consumed by XML parsers, is embedded as value of the user element, the code will be…
- risk 0.38cvss 5.9epss 0.01
Acceptance of invalid/self-signed TLS certificates in "Panda Mobile Security" 1.1 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call.
- risk 0.36cvss 5.5epss 0.00
PSKMAD.sys in Panda Free Antivirus 18.0 allows local users to cause a denial of service (BSoD) via a crafted DeviceIoControl request to \\.\PSMEMDriver.
- risk 0.35cvss 5.3epss 0.05
WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity (XXE), in the XML-RPC agent. This causes the Firebox wgagent process to crash. This process crash ends all authenticated sessions to the Firebox, including management connections,…
- risk 0.35cvss 5.3epss 0.02
WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier returns different responses for valid and invalid usernames. An attacker could…
- risk 0.31cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the SIP Proxy module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This…
- risk 0.31cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Fireware OS:…
- risk 0.31cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This…
- risk 0.31cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the Blocked Sites list. This vulnerability requires an authenticated administrator session to a locally managed Firebox.This…
- risk 0.22cvss —epss 0.78
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.
- risk 0.18cvss —epss 0.86
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway…
- risk 0.14cvss —epss 0.18
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway…
- risk 0.13cvss —epss 0.12
WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access. This vulnerability impacts Fireware OS before 12.7.2_U1, 12.x before 12.1.3_U3, and 12.2.x through…
- CVE-2015-5453Jul 8, 2015risk 0.08cvss —epss 0.57
Watchguard XCS 9.2 and 10.0 before build 150522 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the id parameter to ADMIN/mailqueue.spl.
- CVE-2013-6021Oct 19, 2013risk 0.04cvss —epss 0.12
Buffer overflow in WGagent in WatchGuard WSM and Fireware before 11.8 allows remote attackers to execute arbitrary code via a long sessionid value in a cookie.
- CVE-2015-5452Jul 8, 2015risk 0.03cvss —epss 0.03
SQL injection vulnerability in Watchguard XCS 9.2 and 10.0 before build 150522 allows remote attackers to execute arbitrary SQL commands via the sid cookie, as demonstrated by a request to borderpost/imp/compose.php3.
- CVE-2013-5701Oct 3, 2013risk 0.03cvss —epss 0.01
Multiple untrusted search path vulnerabilities in (1) Watchguard Log Collector (wlcollector.exe) and (2) Watchguard WebBlocker Server (wbserver.exe) in WatchGuard Server Center 11.7.4, 11.7.3, and possibly earlier allow local users to gain privileges via a Trojan horse wgpr.dll…
- CVE-2011-2165May 23, 2011risk 0.03cvss —epss 0.05
The STARTTLS implementation in WatchGuard XCS 9.0 and 9.1 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a…
- CVE-2001-0049Feb 16, 2001risk 0.03cvss —epss 0.03
WatchGuard SOHO FireWall 2.2.1 and earlier allows remote attackers to cause a denial of service via a large number of GET requests.
- CVE-2024-5974Jul 9, 2024risk 0.01cvss —epss 0.01
A buffer overflow in WatchGuard Fireware OS could may allow an authenticated remote attacker with privileged management access to execute arbitrary code with system privileges on the firewall. This issue affects Fireware OS: from 11.9.6 through 12.10.3.
- CVE-2020-10532Mar 12, 2020risk 0.01cvss —epss 0.03
The AD Helper component in WatchGuard Fireware before 5.8.5.10317 allows remote attackers to discover cleartext passwords via the /domains/list URI.
- CVE-2005-1214Jun 14, 2005risk 0.01cvss —epss 0.13
Microsoft Agent allows remote attackers to spoof trusted Internet content and execute arbitrary code by disguising security prompts on a malicious Web page.
Page 1 of 3