Buffer overflow in Watchguard Fireware

CVE-2013-6021

Buffer overflow in WGagent in WatchGuard WSM and Fireware before 11.8 allows remote attackers to execute arbitrary code via a long sessionid value in a cookie.

Vulnerability class: Buffer Overflow

EPSS: 0.540 (98.1th percentile) — read the EPSS interpretation.

Affected products

Watchguard Fireware — versions 11.0.2, 11.1, 11.2.3
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

cret@cert.org (Exploit, x_refsource_MISC)
29273 (Exploit, exploit, x_refsource_EXPLOIT-DB)
98752 (x_refsource_OSVDB, vdb-entry)
cret@cert.org (x_refsource_CONFIRM, Vendor Advisory)
cret@cert.org (x_refsource_CONFIRM, Vendor Advisory)
63227 (Exploit, vdb-entry, x_refsource_BID)
VU#233990 (x_refsource_CERT-VN, US Government Resource, Patch, third-party-advisory)