
Fireware OS (product)

3 CVEs


CVE-2026-3987 HIGH This Week

Remote code execution in WatchGuard Fireware OS versions 12.6.1 through 12.11.8 and 2025.1 through 2026.1.2 allows privileged authenticated attackers to execute arbitrary code with elevated system privileges via path traversal in the Web UI. The vulnerability requires high-level administrative access (CVSS PR:H) but presents a direct RCE path once authenticated. WatchGuard self-reported this issue with an official advisory available. EPSS and KEV data not provided; no public exploit identified at time of analysis.

Path Traversal, RCE, Fireware OS
NVD
CVSS 4.0: 8.6
EPSS: 0.4%

CVE-2026-4315 HIGH This Week

Cross-Site Request Forgery (CSRF) in WatchGuard Fireware OS WebUI allows remote attackers to trigger a denial-of-service condition against the Web UI by tricking an authenticated administrator into visiting a malicious webpage. This affects Fireware OS versions 11.8 through 11.12.4+541730, 12.0 through 12.11.8, and 2025.1 through 2026.1.2. The CVSS v4.0 score of 7.1 reflects high availability impact (VA:H) with no user authentication required (PR:N) but requiring user interaction (UI:P). No public exploit identified at time of analysis, though the attack complexity is low and the CSRF nature makes weaponization straightforward for adversaries targeting firewall administrators.

CSRF, Fireware OS
NVD, VulDB
CVSS 4.0: 7.1
EPSS: 0.0%

CVE-2026-4266 HIGH This Week

Insecure deserialization in WatchGuard Fireware OS enables local code execution as the portald user when combined with a filesystem write primitive. Affects Fireware OS versions 12.1 through 12.11.8 and 2025.1 through 2026.1.2 on platforms supporting Access Portal (excludes T-15/T-35 models). CVSS 8.4 severity reflects high impact but requires prior high-privilege local access and an existing write vulnerability to exploit. No public exploit identified at time of analysis, with EPSS data unavailable for risk probability assessment.

Deserialization, RCE, Fireware OS
NVD, VulDB
CVSS 4.0: 8.4
EPSS: 0.1%
