8.8

CVE-2022-25291

An integer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to trigger a heap-based buffer overflow and potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.

Data is provided by the National Vulnerability Database (NVD)
WatchguardFireware Version >= 12.0.0 < 12.1.3
WatchguardFireware Version >= 12.2.0 < 12.5.9
WatchguardFireware Version >= 12.7.0 < 12.7.2
WatchguardFireware Version12.1.3 Update-
WatchguardFireware Version12.1.3 Updateu1
WatchguardFireware Version12.1.3 Updateu2
WatchguardFireware Version12.1.3 Updateu3
WatchguardFireware Version12.1.3 Updateu4
WatchguardFireware Version12.1.3 Updateu5
WatchguardFireware Version12.1.3 Updateu6
WatchguardFireware Version12.1.3 Updateu7
WatchguardFireware Version12.5.9 Update-
WatchguardFireware Version12.5.9 Updateu1
WatchguardFireware Version12.7.2 Update-
WatchguardFireware Version12.7.2 Updateu1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.92% 0.818
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.5 8 6.4
AV:N/AC:L/Au:S/C:P/I:P/A:P
CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.