CVE Vulnerability

CVE-2022-31792

A stored cross-site scripting (XSS) vulnerability exists in the management web interface of WatchGuard Firebox and XTM appliances. A remote attacker can potentially execute arbitrary JavaScript code in the management web interface by sending crafted requests to exposed management ports. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4.

5.4 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2022-00014 Vendor Advisory
Configurations

Configuration 1

cpe:2.3:o:watchguard:fireware:12.8.0:u1:*:*:*:*:*:*
cpe:2.3:o:watchguard:fireware:12.7.2:u2:*:*:*:*:*:*
cpe:2.3:o:watchguard:fireware:12.7.1:*:*:*:*:*:*:*
cpe:2.3:o:watchguard:fireware:12.7.0:u1:*:*:*:*:*:*
cpe:2.3:o:watchguard:fireware:12.6.3:*:*:*:*:*:*:*
cpe:2.3:o:watchguard:fireware:12.6.4:*:*:*:*:*:*:*
cpe:2.3:o:watchguard:fireware:12.6.1:u3:*:*:*:*:*:*
cpe:2.3:o:watchguard:fireware:12.6.1:u1:*:*:*:*:*:*
cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*
cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*
Information

Published : 2022-09-06 07:15

Updated : 2022-09-09 07:28

NVD link : CVE-2022-31792

Mitre link : CVE-2022-31792

Products Affected
No products.
CWE
CWE-79