CVE-2022-31790 - Vulnerability Details - OpenCVE

WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to retrieve sensitive authentication server settings by sending a malicious request to exposed authentication endpoints. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00993.

Key SSVC decision points have not yet been added.

Vendors	Products
Watchguard	Fireware

Configuration 1 [-]

OR	cpe:2.3:o:watchguard:fireware::::::::
	cpe:2.3:o:watchguard:fireware::::::::
	cpe:2.3:o:watchguard:fireware:12.6.1:u1::::::
	cpe:2.3:o:watchguard:fireware:12.6.1:u3::::::
	cpe:2.3:o:watchguard:fireware:12.6.3:::::::*
	cpe:2.3:o:watchguard:fireware:12.6.4:::::::*
	cpe:2.3:o:watchguard:fireware:12.7.0:u1::::::
	cpe:2.3:o:watchguard:fireware:12.7.1:::::::*
	cpe:2.3:o:watchguard:fireware:12.7.2:u2::::::
	cpe:2.3:o:watchguard:fireware:12.8.0:u1::::::

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-53181	WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to retrieve sensitive authentication server settings by sending a malicious request to exposed authentication endpoints. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.ambionics.io/blog/hacking-watchguard-firewalls
https://www.openwall.com/lists/oss-security/2022/08/30/2
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2022-00017

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-09-06T17:54:41

Updated: 2024-08-03T07:26:01.128Z

Reserved: 2022-05-27T00:00:00

Link: CVE-2022-31790

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-09-06T18:15:15.440

Modified: 2024-11-21T07:05:19.793

Link: CVE-2022-31790

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to retrieve sensitive authentication server settings by sending a malicious request to exposed authentication endpoints. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-09-06T17:54:41", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2022-00017"}, {"tags": ["x_refsource_MISC"], "url": "https://www.openwall.com/lists/oss-security/2022/08/30/2"}, {"tags": ["x_refsource_MISC"], "url": "https://www.ambionics.io/blog/hacking-watchguard-firewalls"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-31790", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to retrieve sensitive authentication server settings by sending a malicious request to exposed authentication endpoints. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2022-00017", "refsource": "MISC", "url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2022-00017"}, {"name": "https://www.openwall.com/lists/oss-security/2022/08/30/2", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2022/08/30/2"}, {"name": "https://www.ambionics.io/blog/hacking-watchguard-firewalls", "refsource": "MISC", "url": "https://www.ambionics.io/blog/hacking-watchguard-firewalls"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:26:01.128Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2022-00017"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.openwall.com/lists/oss-security/2022/08/30/2"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.ambionics.io/blog/hacking-watchguard-firewalls"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-31790", "datePublished": "2022-09-06T17:54:41", "dateReserved": "2022-05-27T00:00:00", "dateUpdated": "2024-08-03T07:26:01.128Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*", "matchCriteriaId": "50E35898-20FC-4D3E-B059-EDFEEB2E19F3", "versionEndExcluding": "12.1.4", "versionStartIncluding": "12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*", "matchCriteriaId": "58A5359B-EC12-4C13-B9CC-EE1B49DB67AE", "versionEndExcluding": "12.5.10", "versionStartIncluding": "12.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:watchguard:fireware:12.6.1:u1:*:*:*:*:*:*", "matchCriteriaId": "2EDC1E95-9077-423E-90F4-928068CA6D74", "vulnerable": true}, {"criteria": "cpe:2.3:o:watchguard:fireware:12.6.1:u3:*:*:*:*:*:*", "matchCriteriaId": "C557A092-41F2-4325-884C-B4C03E196A56", "vulnerable": true}, {"criteria": "cpe:2.3:o:watchguard:fireware:12.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "41CE5E56-7E6E-48ED-A619-06BE1DAAABD2", "vulnerable": true}, {"criteria": "cpe:2.3:o:watchguard:fireware:12.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "299FC710-1AA1-4D3F-B902-231114B75B94", "vulnerable": true}, {"criteria": "cpe:2.3:o:watchguard:fireware:12.7.0:u1:*:*:*:*:*:*", "matchCriteriaId": "45C56536-625E-4E5A-B77A-CF33CEEBC91D", "vulnerable": true}, {"criteria": "cpe:2.3:o:watchguard:fireware:12.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "002B43DA-5A94-495D-8736-2FC5997155F9", "vulnerable": true}, {"criteria": "cpe:2.3:o:watchguard:fireware:12.7.2:u2:*:*:*:*:*:*", "matchCriteriaId": "4B189948-8037-4CB1-A859-0CCB5D9576F8", "vulnerable": true}, {"criteria": "cpe:2.3:o:watchguard:fireware:12.8.0:u1:*:*:*:*:*:*", "matchCriteriaId": "350B4BC0-B366-468B-93BF-366CA72EE5EC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to retrieve sensitive authentication server settings by sending a malicious request to exposed authentication endpoints. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4."}, {"lang": "es", "value": "Los dispositivos WatchGuard Firebox y XTM permiten a un atacante remoto no autenticado recuperar configuraciones confidenciales del servidor de autenticaci\u00f3n mediante el env\u00edo de una petici\u00f3n maliciosa a los endpoints de autenticaci\u00f3n expuestos. Esto ha sido corregido en Fireware OS versiones 12.8.1, 12.5.10 y 12.1.4.\n"}], "id": "CVE-2022-31790", "lastModified": "2024-11-21T07:05:19.793", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-06T18:15:15.440", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.ambionics.io/blog/hacking-watchguard-firewalls"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2022/08/30/2"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2022-00017"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.ambionics.io/blog/hacking-watchguard-firewalls"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2022/08/30/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2022-00017"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}