CVE-2022-31792

A stored cross-site scripting (XSS) vulnerability exists in the management web interface of WatchGuard Firebox and XTM appliances. A remote attacker can potentially execute arbitrary JavaScript code in the management web interface by sending crafted requests to exposed management ports. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
VendorProductVersion
watchguardfireware
12.0.0 ≤
𝑥
< 12.1.4
watchguardfireware
12.2.0 ≤
𝑥
< 12.5.10
watchguardfireware
12.6.1:u1
watchguardfireware
12.6.1:u3
watchguardfireware
12.6.3
watchguardfireware
12.6.4
watchguardfireware
12.7.0:u1
watchguardfireware
12.7.1
watchguardfireware
12.7.2:u2
watchguardfireware
12.8.0:u1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2022-00014
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2022-00014