← back
CVE-2022-31749

Authenticated arbitrary file read/write in WatchGuard Fireware OS

CVSS 6.5 MEDIUMEPSS 1.2%CWE-88
An argument injection vulnerability in the diagnose and import pac commands in WatchGuard Fireware OS before 12.8.1, 12.1.4, and 12.5.10 allows an authenticated remote attacker with unprivileged credentials to upload or read files to limited, arbitrary locations on WatchGuard Firebox and XTM appliances
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected products
WatchGuard · Fireware OS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.rapid7.com/blog/post/2022/06/23/cve-2022-31749-watchguard-authenticated-arbitrary-file-read-write-fixed/https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2022-00019