CVE-2022-31791

EUVD-2022-53182
WatchGuard Firebox and XTM appliances allow a local attacker (that has already obtained shell access) to elevate their privileges and execute code with root permissions. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
Affected Products (NVD)
VendorProductVersion
watchguardfireware
12.0.0 ≤
𝑥
< 12.1.4
watchguardfireware
12.2.0 ≤
𝑥
< 12.5.10
watchguardfireware
12.6.1:u1
watchguardfireware
12.6.1:u3
watchguardfireware
12.6.3
watchguardfireware
12.6.4
watchguardfireware
12.7.0:u1
watchguardfireware
12.7.1
watchguardfireware
12.7.2:u2
watchguardfireware
12.8.0:u1
𝑥
= Vulnerable software versions
References
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2022-00018
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2022-00018