WatchGuard Firebox Remote Code Execution Vulnerability
Vulnerability information
Vulnerability name: WatchGuard Firebox Remote Code Execution Vulnerability
Vulnerability ID:
- CVE: CVE-2022-26318
Vulnerability type: Command execution
Severity: Critical
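Vulnerability description:
Affected product
WatchGuard Firebox and XTM appliances are widely used network security devices designed to provide firewall and threat management functions for enterprises. They are typically deployed at the enterprise network perimeter to protect the internal network from external threats. Because they are so widely deployed, the security of these devices is critical to protecting enterprise networks.
Vulnerability details
This is a command execution vulnerability in Fireware OS that allows an attacker to execute arbitrary code without authentication. The root cause is that input is not properly validated, which lets an attacker craft malicious requests, bypass the authentication mechanism, and execute commands directly on the device. Vulnerabilities of this type are usually caused by flaws in how software handles user input, which attackers can use to perform unauthorized operations.
Impact analysis
The security risk of this vulnerability is extremely high because it allows an unauthenticated attacker to execute arbitrary code remotely, which may lead to complete control of the affected device. An attacker can use this vulnerability for data exfiltration, service disruption, or further penetration of the internal network. Because exploitation requires no authentication and can be automated, the potential harm is very large. Enterprises should take immediate measures, such as applying patches or configuring network access controls, to mitigate the risk posed by this vulnerability.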
Vendor: WatchGuard
Product name: WatchGuard Firebox and XTM appliances
Source: https://github.com/projectdiscovery/nuclei-templates/issues/12725
Type: projectdiscovery/nuclei-templates:github issues
Source summary
Description:
WatchGuard Firebox and XTM appliances contain a remote code execution vulnerability caused by unauthenticated command execution in Fireware OS, letting attackers execute arbitrary code without authentication. The exploit requires unauthenticated access.
Severity: Critical
POC:
- https://github.com/egilas/Watchguard-RCE-POC-CVE-2022-26318
- https://vulncheck.com/xdb/1b92b4418032
- https://github.com/BabyTeam1024/CVE-2022-26318
- https://github.com/h3llk4t3/Watchguard-RCE-POC-CVE-2022-26318
- https://vulncheck.com/xdb/2b6b8cb11413
- https://github.com/misterxid/watchguard_cve-2022-26318
- https://vulncheck.com/xdb/d1337d2a7e63
KEV: True
Shodan Query: NA
Acceptance Criteria: The template must include a complete POC and should not rely solely on version-based detection. Contributors are required to provide debug data (-debug) along with the template to help the triage team with validation or can also share a vulnerable environment like docker file.
Rewards will only be given once the template is fully validated by the team. Templates that are incomplete or invalid will not be accepted. Avoid adding code templates for CVEs that can be achieved using HTTP, TCP, or JavaScript. Such templates are blocked by default and won’t produce results, so we prioritize creating templates with other protocols unless exceptions are made.
You can check the FAQ for the Nuclei Templates Community Rewards Program here.