Fireware
CVE-2026-3342
HIGH
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an authenticated privileged administrator to execute arbitrary code with root permissions via an exposed management interface.
This vulnerability affects Fireware OS 11.9 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.7 and 2025.1 up to and including 2026.1.1.
AnalysisAI
WatchGuard Fireware OS contains an out-of-bounds write vulnerability in its management interface that permits authenticated administrators to achieve root-level code execution. The flaw affects versions 11.9 through 11.12.4_Update1, 12.0 through 12.11.7, and 2025.1 through 2026.1.1, with no patch currently available. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Authenticated privileged administrator account on WatchGuard Fireware OS (11.9-11.12.4_Update1, 12.0-12.11.7, or 2025.1-2026.1.1) with access to the exposed management interface; network connectivity to management port required. Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | CVSS 7.2 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker (requires authentication) could exploit this vulnerability to an authenticated privileged administrator to execute arbitrary code with root pe. |
| Remediation | Monitor vendor advisories for a patch. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all WatchGuard Fireware deployments and document current versions; restrict administrative access to the management interface through network segmentation and IP whitelisting. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
WatchGuard Fireware OS contains an out-of-bounds write in IKEv2 VPN handling enabling unauthenticated remote code execut
An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensi
A memory corruption vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker to trigger a Denial of
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to exe
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to exe
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS’s certificate request command could allow an authenticate
A stack-based buffer overflow vulnerability [CWE-121] in WatchGuard Fireware OS's certificate request command could allo
Fireware OS Web UI contains a reflected XSS vulnerability that allows attackers to execute arbitrary JavaScript in authe
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard
Same weakness CWE-787 – Out-of-bounds Write
View allShare
External POC / Exploit Code
Leaving vuln.today