Description
WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity (XXE), in the XML-RPC agent. This causes the Firebox wgagent process to crash. This process crash ends all authenticated sessions to the Firebox, including management connections, and prevents new authenticated sessions until the process has recovered. The Firebox may also experience an overall degradation in performance while the wgagent process recovers. An attacker could continuously send XML-RPC requests that contain references to external entities to perform a limited Denial of Service (DoS) attack against an affected Firebox.
Exploits (1)
References (4)
Exploit, Third Party Advisory (x_refsource_misc): https://www.sidertia.com/Home/Community/Blog/2017/04/17/Fixed-the-Fireware-Vulnerabilities-discovered-by-Sidertia
Exploit, Third Party Advisory, VDB Entry (x_refsource_misc): https://packetstormsecurity.com/files/142177/watchguardfbxtm-xxeinject.txt
Release Notes, Vendor Advisory (x_refsource_misc): https://www.watchguard.com/support/release-notes/fireware/11/en-US/EN_ReleaseNotes_Fireware_11_12_2/index.html
Vendor Advisory (x_refsource_misc): http://watchguardsupport.force.com/publicKB?type=KBSecurityIssues&SFDCID=kA62A0000000KlBSAU
Scores
CVSS v3: 5.3
EPSS: 0.1138
EPSS Percentile: 93.6%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Details
CWE: CWE-611
Status: published
Products (1)
watchguard/fireware: < 11.2.1
Published: Apr 22, 2017
Tracked Since: Feb 18, 2026