CVE-2011-2165

WatchGuard XCS 9.0-9.1 - Command Injection

Title source: llm

Description

The STARTTLS implementation in WatchGuard XCS 9.0 and 9.1 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

Exploits (1)

exploitdb WORKING POC

webappsphp

https://www.exploit-db.com/exploits/37440

View Code ZIP pw:eip

References (5)

[Third Party Advisory] http://secunia.com/advisories/44753

[US Government Resource] http://www.kb.cert.org/vuls/id/555316

[US Government Resource] http://www.kb.cert.org/vuls/id/MAPG-8D9M75

[Various Sources] http://www.watchguard.com/support/release-notes/xcs/9/en-US/EN_ReleaseNotes_XCS_9_1_1/EN_ReleaseNotes_WG_XCS_9_1_TLS_Hotfix.pdf

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/67729

Scores

EPSS 0.0663

EPSS Percentile 91.2%

Details

CWE

CWE-264

Status published

Products (2)

watchguard/xcs 9.0

watchguard/xcs 9.1

Published May 23, 2011

Tracked Since Feb 18, 2026