CVE-2022-26318

critical-risk
Published 2022-03-04

On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.

Do I need to act?

!
92.2% chance of exploitation in next 30 days
EPSS score — higher than 8% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (11)

Affected Vendors

Watchguard

References (3)

Release Notes https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNot...
Release Notes https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNot...
US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-...
75
/ 100
critical-risk
Severity 32/34 · Critical
Exploitability 27/34 · High
Exposure 16/34 · Moderate