CVE-2024-5974

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-5974
A buffer overflow in WatchGuard Fireware OS could may allow an authenticated remote attacker with privileged management access to execute arbitrary code with system privileges on the firewall. This issue affects Fireware OS: from 11.9.6 through 12.10.3.

7.2 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00011 Vendor Advisory
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00011 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*
cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*
cpe:2.3:o:watchguard:fireware:12.5.12:u1:*:*:*:*:*:*
OR cpe:2.3:h:watchguard:firebox_m200:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m270:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m290:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m300:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m370:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m390:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m400:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m440:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m470:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m4800:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m500:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m570:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m5800:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m590:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m670:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m690:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t10:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t10-d:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t10-w:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t15:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t15-w:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t20:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t20-w:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t30:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t30-w:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t35:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t35-r:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t35-w:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t40:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t40-w:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t50:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t50-w:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t55:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t55-w:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t70:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t80:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_xtm1520-rp:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_xtm1525-rp:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_xtm2520:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_xtm850:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_xtm860:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_xtm870:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_xtm870-f:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:fireboxcloud:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:fireboxt_nv5:*:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:fireboxt_t25:*:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:fireboxt_t45:*:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:fireboxt_t85:*:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:fireboxv:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:xtmv:-:*:*:*:*:*:*:*
History

13 Jan 2025, 18:15

Type Values Removed Values Added
Summary (en) A buffer overflow in WatchGuard Fireware OS could may allow an authenticated remote attacker with privileged management access to execute arbitrary code with system privileges on the firewall. This issue affects Fireware OS: from 11.9.6 through 12.10.3. (en) A buffer overflow in WatchGuard Fireware OS could may allow an authenticated remote attacker with privileged management access to execute arbitrary code with system privileges on the firewall. This issue affects Fireware OS: from 11.9.6 through 12.10.3.
Information

Published : 2024-07-09 03:15

Updated : 2025-01-13 18:15

NVD link : CVE-2024-5974

Mitre link : CVE-2024-5974

CVE.ORG link : CVE-2024-5974

JSON object : View

Products Affected

watchguard

  • firebox_m290
  • firebox_t10-d
  • firebox_xtm870-f
  • firebox_t55
  • firebox_t30
  • firebox_t10-w
  • fireboxcloud
  • firebox_m570
  • firebox_m440
  • firebox_m370
  • firebox_xtm850
  • firebox_t30-w
  • firebox_t55-w
  • firebox_xtm1520-rp
  • firebox_t40
  • firebox_t35-w
  • firebox_t70
  • firebox_m300
  • firebox_t20
  • fireware
  • firebox_m470
  • firebox_m670
  • firebox_m4800
  • firebox_m5800
  • firebox_t35
  • firebox_t40-w
  • firebox_t50
  • firebox_xtm1525-rp
  • firebox_m400
  • firebox_t15-w
  • firebox_t50-w
  • firebox_t35-r
  • fireboxt_t25
  • firebox_xtm860
  • firebox_m200
  • firebox_m390
  • firebox_m270
  • firebox_t80
  • xtmv
  • firebox_xtm2520
  • firebox_m690
  • firebox_m500
  • firebox_t15
  • fireboxt_nv5
  • fireboxv
  • fireboxt_t45
  • firebox_m590
  • firebox_t20-w
  • firebox_t10
  • fireboxt_t85
  • firebox_xtm870
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')