CVE-2017-14616
HIGH
WatchGuard Fireware < 11.12.4 - Denial of Service via XML-RPC Empty Member Element
Title source: llm
Description
An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0. If a login attempt is made in the XML-RPC interface with an XML message containing an empty member element, the wgagent crashes, logging out any user with a session opened in the UI. By continuously executing the failed login attempts, UI management of the device becomes impossible.
References (2)
Core References
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/archive/1/540427
Exploit, Third Party Advisory x_refsource_misc
https://www.sidertia.com/Home/Community/Blog/2017/09/18/Fixed-Fireware-XXE-DOS-and-stored-XSS-vulnerabilities-discovered-by-Sidertia
Scores
CVSS v3
7.5
EPSS
0.0164
EPSS Percentile
73.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-400
Status
published
Products (1)
watchguard/fireware
< 11.12.4
Published
Sep 20, 2017
Tracked Since
Feb 18, 2026