An integer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to trigger a heap-based buffer overflow and potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.
The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Fireware | Watchguard | 12.0.0 (including) | 12.1.3 (excluding) |
Fireware | Watchguard | 12.2.0 (including) | 12.5.9 (excluding) |
Fireware | Watchguard | 12.7.0 (including) | 12.7.2 (excluding) |
Fireware | Watchguard | 12.1.3 (including) | 12.1.3 (including) |
Fireware | Watchguard | 12.1.3-u1 (including) | 12.1.3-u1 (including) |
Fireware | Watchguard | 12.1.3-u2 (including) | 12.1.3-u2 (including) |
Fireware | Watchguard | 12.1.3-u3 (including) | 12.1.3-u3 (including) |
Fireware | Watchguard | 12.1.3-u4 (including) | 12.1.3-u4 (including) |
Fireware | Watchguard | 12.1.3-u5 (including) | 12.1.3-u5 (including) |
Fireware | Watchguard | 12.1.3-u6 (including) | 12.1.3-u6 (including) |
Fireware | Watchguard | 12.1.3-u7 (including) | 12.1.3-u7 (including) |
Fireware | Watchguard | 12.5.9 (including) | 12.5.9 (including) |
Fireware | Watchguard | 12.5.9-u1 (including) | 12.5.9-u1 (including) |
Fireware | Watchguard | 12.7.2 (including) | 12.7.2 (including) |
Fireware | Watchguard | 12.7.2-u1 (including) | 12.7.2-u1 (including) |