Watchguard

Fireware

31 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.3

CVE-2025-9242

Medienbericht
  • EPSS 0.3%
  • Veröffentlicht 17.09.2025 07:29:23
  • Zuletzt bearbeitet 17.09.2025 14:18:55

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured...

4.8

CVE-2025-6947

  • EPSS 0.07%
  • Veröffentlicht 15.09.2025 21:18:36
  • Zuletzt bearbeitet 16.09.2025 12:49:16

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the SIP Proxy module. This vulnerability requires an authenticated administrator session to a lo...

6.9

CVE-2025-6999

  • EPSS 0.17%
  • Veröffentlicht 15.09.2025 21:17:51
  • Zuletzt bearbeitet 16.09.2025 12:49:16

An HTTP Request Smuggling [CWE-444] vulnerability in the Authentication portal of WatchGuard Fireware OS allows a remote attacker to evade request parameter sanitation and perform a reflected self-Cross-Site Scripting (XSS) attack.This issue affects ...

4.8

CVE-2025-4805

  • EPSS 0.11%
  • Veröffentlicht 16.05.2025 20:13:47
  • Zuletzt bearbeitet 19.05.2025 13:35:20

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS. This vulnerability requires an authenticated administrator session to a locally managed Firebox. Th...

4.8

CVE-2025-4804

  • EPSS 0.11%
  • Veröffentlicht 16.05.2025 20:12:44
  • Zuletzt bearbeitet 19.05.2025 13:35:20

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. This vulnerability requires an authenticated administrator session to a ...

4.8

CVE-2025-1239

  • EPSS 0.21%
  • Veröffentlicht 14.02.2025 14:15:32
  • Zuletzt bearbeitet 14.02.2025 14:15:32

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the Blocked Sites list. This vulnerability requires an authenticated administrator session to a ...

4.8

CVE-2025-1071

  • EPSS 0.21%
  • Veröffentlicht 14.02.2025 14:15:32
  • Zuletzt bearbeitet 14.02.2025 14:15:32

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. This vulnerability requires an authenticated administrator session to a ...

5.1

CVE-2025-0178

  • EPSS 0.14%
  • Veröffentlicht 14.02.2025 14:15:32
  • Zuletzt bearbeitet 14.02.2025 14:15:32

Improper Input Validation vulnerability in WatchGuard Fireware OS allows an attacker to manipulate the value of the HTTP Host header in requests sent to the Web UI. An attacker could exploit this vulnerability to redirect users to malicious websites,...

6.5

CVE-2022-31749

  • EPSS 0.23%
  • Veröffentlicht 28.01.2025 00:15:06
  • Zuletzt bearbeitet 28.01.2025 00:15:06

An argument injection vulnerability in the diagnose and import pac commands in WatchGuard Fireware OS before 12.8.1, 12.1.4, and 12.5.10 allows an authenticated remote attacker with unprivileged credentials to upload or read files to limited, arbitra...

7.2

CVE-2024-5974

  • EPSS 5.5%
  • Veröffentlicht 09.07.2024 03:15:02
  • Zuletzt bearbeitet 13.01.2025 18:15:19

A buffer overflow in WatchGuard Fireware OS could may allow an authenticated remote attacker with privileged management access to execute arbitrary code with system privileges on the firewall. This issue affects Fireware OS: from 11.9.6 through 12.10...