CVE-2022-31792
Summary
| CVE | CVE-2022-31792 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-09-06 19:15:00 UTC |
| Updated | 2022-09-09 19:28:00 UTC |
| Description | A stored cross-site scripting (XSS) vulnerability exists in the management web interface of WatchGuard Firebox and XTM appliances. A remote attacker can potentially execute arbitrary JavaScript code in the management web interface by sending crafted requests to exposed management ports. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Watchguard | Fireware | All | All | All | All |
| Operating System | Watchguard | Fireware | 12.6.1 | u1 | All | All |
| Operating System | Watchguard | Fireware | 12.6.1 | u3 | All | All |
| Operating System | Watchguard | Fireware | 12.6.3 | All | All | All |
| Operating System | Watchguard | Fireware | 12.6.4 | All | All | All |
| Operating System | Watchguard | Fireware | 12.7.0 | u1 | All | All |
| Operating System | Watchguard | Fireware | 12.7.1 | All | All | All |
| Operating System | Watchguard | Fireware | 12.7.2 | u2 | All | All |
| Operating System | Watchguard | Fireware | 12.8.0 | u1 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Firebox WebUI Stored Cross-Site Scripting (XSS) Vulnerability \| WatchGuard Technologies | MISC | www.watchguard.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.