CVE-2016-7089

HIGH EXPLOITED

WatchGuard RapidStream - Privilege Escalation via Crafted ifconfig Command

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2016-7089 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Shadow Brokers.

AI-analyzed exploit summary The provided text is a placeholder for an exploit (CVE-2016-7089) targeting WatchGuard Firewalls, claiming privilege escalation via ifconfig. It lacks actual exploit code and only references an external binary.

Description

WatchGuard RapidStream appliances allow local users to gain privileges and execute arbitrary commands via a crafted ifconfig command, aka ESCALATEPLOWMAN.

Exploits (1)

exploitdb STUB
by Shadow Brokers · textlocallinux
https://www.exploit-db.com/exploits/40270

The provided text is a placeholder for an exploit (CVE-2016-7089) targeting WatchGuard Firewalls, claiming privilege escalation via ifconfig. It lacks actual exploit code and only references an external binary.

Classification
Stub 90%
Attack Type
Lpe
Complexity
Theoretical
Reliability
Theoretical
Target: WatchGuard Firewalls (version unspecified)
Auth required
Prerequisites: Access to a vulnerable WatchGuard Firewall · Authentication credentials
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/92638
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/40270/

Scores

CVSS v3 7.8
EPSS 0.0124
EPSS Percentile 65.1%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2016-09-28
CWE
CWE-264
Status published
Products (1)
watchguard/rapidstream
Published Aug 24, 2016
Tracked Since Feb 18, 2026