Computer Emergency Response Team of Mauritius (CERT-MU)

VN-2017-57


WatchGuard Firebox XML-RPC Agent Bugs Let Remote Users Determine Valid Usernames and Deny Service on the Target System
Severity Rating: High
Systems Affected:
  • WatchGuard Firebox versions 11.12.1 and prior
Description
Two vulnerabilities were reported in WatchGuard Firebox. They can be exploited by remote attackers to cause denial of service conditions and to determine valid usernames on the target system. The vulnerabilities reported are as follows:
 
1. A remote user can send multiple requests with specially crafted XML data that references an external entity to cause the target XML-RPC agent to crash or degrade performance. As a result, the web user interface may become unavailable for 10 minutes and traffic traversing the firewall may be disrupted or slowed.
 
2. The XML-RPC agent returns different responses to authentication requests depending on whether the username exists on the system or not. A remote user can send a specially crafted request to the target XML-RPC agent to determine valid usernames on the target system.
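The two weaknesses above map to two server-side checks: refusing XML bodies that declare entities before the XML-RPC parser ever sees them, and answering authentication requests identically whether or not the account exists. The following is an added illustration written for this advisory, not WatchGuard code; the user store, salt, message text and request bodies are constructed assumptions.

```python
"""Constructed defensive checks for the two advisory items (assumed names, not vendor code)."""
import hashlib
import hmac
import re

# Item 1: pre-parse gate. Any DOCTYPE/ENTITY declaration is rejected outright,
# so an external entity reference never reaches the XML-RPC parser at all.
_DTD_RE = re.compile(rb"<!(DOCTYPE|ENTITY)\b", re.IGNORECASE)

def is_safe_xmlrpc_body(body: bytes) -> bool:
    """Return True only when the request body carries no DTD/entity declaration."""
    return _DTD_RE.search(body) is None

# Constructed sample request bodies (not captured from any real device).
SAFE_BODY = b'<?xml version="1.0"?><methodCall><methodName>login</methodName></methodCall>'
ENTITY_BODY = (b'<?xml version="1.0"?><!DOCTYPE d [<!ENTITY e SYSTEM "file:///constructed/placeholder">]>'
               b'<methodCall><methodName>&e;</methodName></methodCall>')

# Item 2: uniform authentication response. Constructed user store: username -> salted hash.
_SALT = b"constructed-salt"

def _pw_hash(password: str) -> bytes:
    return hashlib.sha256(_SALT + password.encode()).digest()

_USERS = {"admin": _pw_hash("correct horse")}
# Dummy hash used for unknown usernames so the same comparison runs either way.
_DUMMY_HASH = _pw_hash("dummy-password-never-valid")
GENERIC_FAILURE = "Authentication failed"

def authenticate(username: str, password: str) -> tuple:
    """Same message (and the same hash-and-compare work) whether or not the user exists."""
    stored = _USERS.get(username, _DUMMY_HASH)
    match = hmac.compare_digest(stored, _pw_hash(password))
    ok = match and username in _USERS   # compare_digest always runs first
    return (True, "OK") if ok else (False, GENERIC_FAILURE)
```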
 
Solution
 
Users are advised to apply updates.
More information is available on:
 
Vendor Information
Watchguard
 
References
 
Security Tracker
 
Watchguard
 
Contact Information
 
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis