CVE-2024-5974

A buffer overflow in WatchGuard Fireware OS could allow an authenticated remote attacker with privileged management access to execute arbitrary code with system privileges on the firewall.
This issue affects Fireware OS: from 11.9.6 through 12.10.3.
Classic Buffer Overflow
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 7.2 HIGH | NETWORK | LOW | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| WatchGuard | CNA | 7.2 HIGH | NETWORK | LOW | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| CISA-ADP | ADP | --- | | | | --- |
| CVE | ADP | --- | | | | --- |
Base Score: CVSS 3.x
EPSS Score: Percentile: 52%
| Vendor | Product | Version |
|---|---|---|
| watchguard | fireware | 12.5.12_Update1 ≤ 𝑥 ≤ 12.5.12_Update1 |
| watchguard | fireware | 12.10.3 ≤ 𝑥 ≤ 12.10.3 |
| watchguard | fireware | 11.9.4 ≤ 𝑥 < 12.5.12 |
| watchguard | fireware | 12.6 ≤ 𝑥 < 12.10.4 |
| watchguard | fireware | 12.5.12:u1 |

𝑥 = Vulnerable software versions