Vulnerability Details CVE-2017-14616
An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0. If a login attempt is made in the XML-RPC interface with an XML message containing an empty member element, the wgagent crashes, logging out any user with a session opened in the UI. By continuously executing the failed login attempts, UI management of the device becomes impossible.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.4%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 7.8
References
- http://www.securityfocus.com/archive/1/540427
- https://www.sidertia.com/Home/Community/Blog/2017/09/18/Fixed-Fireware-XXE-DOS-and-stored-XSS-vulnerabilities-discovered-by-Sidertia
- http://www.securityfocus.com/archive/1/540427
- https://www.sidertia.com/Home/Community/Blog/2017/09/18/Fixed-Fireware-XXE-DOS-and-stored-XSS-vulnerabilities-discovered-by-Sidertia
Products affected by CVE-2017-14616
-
cpe:2.3:o:watchguard:fireware:11.0.2
-
cpe:2.3:o:watchguard:fireware:11.1
-
cpe:2.3:o:watchguard:fireware:11.11
-
cpe:2.3:o:watchguard:fireware:11.12.4
-
cpe:2.3:o:watchguard:fireware:11.2.1
-
cpe:2.3:o:watchguard:fireware:11.2.3
-
cpe:2.3:o:watchguard:fireware:11.3
-
cpe:2.3:o:watchguard:fireware:11.3.6
-
cpe:2.3:o:watchguard:fireware:11.4
-
cpe:2.3:o:watchguard:fireware:11.4.2
-
cpe:2.3:o:watchguard:fireware:11.5.1
-
cpe:2.3:o:watchguard:fireware:11.5.3
-
cpe:2.3:o:watchguard:fireware:11.6
-
cpe:2.3:o:watchguard:fireware:11.6.1
-
cpe:2.3:o:watchguard:fireware:11.6.3
-
cpe:2.3:o:watchguard:fireware:11.6.5
-
cpe:2.3:o:watchguard:fireware:11.6.6
-
cpe:2.3:o:watchguard:fireware:11.7
-
cpe:2.3:o:watchguard:fireware:11.7.2
-
cpe:2.3:o:watchguard:fireware:11.7.3
-
cpe:2.3:o:watchguard:fireware:11.7.4
-
cpe:2.3:o:watchguard:fireware:11.8
-
cpe:2.3:o:watchguard:fireware:11.8.1
-
cpe:2.3:o:watchguard:fireware:11.8.3