CVE-2022-31791

WatchGuard Firebox and XTM appliances allow a local attacker (that has already obtained shell access) to elevate their privileges and execute code with root permissions. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 32%
VendorProductVersion
watchguardfireware
12.0.0 ≤
𝑥
< 12.1.4
watchguardfireware
12.2.0 ≤
𝑥
< 12.5.10
watchguardfireware
12.6.1:u1
watchguardfireware
12.6.1:u3
watchguardfireware
12.6.3
watchguardfireware
12.6.4
watchguardfireware
12.7.0:u1
watchguardfireware
12.7.1
watchguardfireware
12.7.2:u2
watchguardfireware
12.8.0:u1
𝑥
= Vulnerable software versions
References
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2022-00018
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2022-00018