WatchGuard Firebox XML-RPC Agent Bugs Let Remote Users Determine Valid Usernames and Deny Service on the Target System
Severity Rating: High
- WatchGuard Firebox versions 11.12.1 and prior
Two vulnerabilities were reported in WatchGuard Firebox. They can be exploited by remote attackers to cause a denial of service and to determine valid usernames on the target system. The vulnerabilities reported are as follows:
1. A remote user can send multiple requests containing specially crafted XML that references an external entity (an XML external entity, or XXE, payload) to cause the target XML-RPC agent to crash or to degrade its performance. As a result, the web user interface may become unavailable for 10 minutes, and traffic traversing the firewall may be disrupted or slowed.
2. The XML-RPC agent's responses to authentication requests differ depending on whether the supplied username exists on the system. A remote user can send specially crafted requests to the target XML-RPC agent and use this difference to determine valid usernames on the target system.
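The defensive counterpart to item 1, as an added example that is not part of the advisory and not WatchGuard's code: an XML-RPC request parser built on Python's expat bindings that refuses any DOCTYPE, entity declaration or external entity reference before the parser can act on it, and that caps the request size. The size cap, the sample requests and the element extraction are assumptions for the demonstration; the element names follow the XML-RPC specification.

```python
"""Hardened XML-RPC request parsing (added example; not WatchGuard code).

A request that references an external entity is rejected at the DOCTYPE,
so the agent neither fetches an external resource nor expands entities
into a CPU/memory blow-up. The size cap and sample requests are assumptions.
"""
from __future__ import annotations

import xml.parsers.expat

MAX_REQUEST_BYTES = 64 * 1024  # assumption: generous cap for a management call


class UnsafeXML(ValueError):
    """The request uses XML features a management API never needs."""


def parse_xmlrpc_call(raw: bytes) -> tuple[str, list[str]]:
    """Return (methodName, string params) from an XML-RPC <methodCall> body.

    A DOCTYPE, an <!ENTITY> declaration or an external entity reference
    aborts parsing with UnsafeXML; oversized bodies are rejected up front.
    """
    if len(raw) > MAX_REQUEST_BYTES:
        raise UnsafeXML(f"body exceeds {MAX_REQUEST_BYTES} bytes")

    parser = xml.parsers.expat.ParserCreate()

    # Exceptions raised inside expat handlers propagate out of Parse().
    def forbid_doctype(name, system_id, public_id, has_internal_subset):
        raise UnsafeXML(f"DOCTYPE not allowed (name={name!r}, system id={system_id!r})")

    def forbid_entity_decl(*_args):
        raise UnsafeXML("entity declarations not allowed")

    def forbid_external_ref(context, base, system_id, public_id):
        raise UnsafeXML(f"external entity reference not allowed (system id={system_id!r})")

    parser.StartDoctypeDeclHandler = forbid_doctype
    parser.EntityDeclHandler = forbid_entity_decl
    parser.UnparsedEntityDeclHandler = forbid_entity_decl
    parser.ExternalEntityRefHandler = forbid_external_ref

    path = []      # stack of open element names
    text = []      # character data of the innermost open element
    params = []    # collected <string> parameters
    method_name = None

    def start(name, attrs):
        path.append(name)
        text.clear()

    def chars(data):
        text.append(data)

    def end(name):
        nonlocal method_name
        value = "".join(text).strip()
        if name == "methodName" and path[:-1] == ["methodCall"]:
            method_name = value
        elif name == "string" and "param" in path:
            params.append(value)
        path.pop()
        text.clear()

    parser.StartElementHandler = start
    parser.CharacterDataHandler = chars
    parser.EndElementHandler = end

    try:
        parser.Parse(raw, True)
    except xml.parsers.expat.ExpatError as exc:
        raise UnsafeXML(f"malformed XML: {exc}") from exc

    if method_name is None:
        raise UnsafeXML("no methodName element")
    return method_name, params


def check_request(raw: bytes) -> str:
    """'accepted' or 'rejected: <reason>' for a raw request body."""
    try:
        parse_xmlrpc_call(raw)
        return "accepted"
    except UnsafeXML as exc:
        return f"rejected: {exc}"


# Constructed sample requests for the demo (not captured traffic).
BENIGN_CALL = b"""<?xml version="1.0"?>
<methodCall>
  <methodName>login</methodName>
  <params>
    <param><value><string>admin</string></value></param>
    <param><value><string>s3cret</string></value></param>
  </params>
</methodCall>"""

# References an external entity; 192.0.2.10 is a documentation-range address.
XXE_CALL = b"""<?xml version="1.0"?>
<!DOCTYPE methodCall [
  <!ENTITY xxe SYSTEM "http://192.0.2.10/probe">
]>
<methodCall>
  <methodName>login</methodName>
  <params><param><value><string>&xxe;</string></value></param></params>
</methodCall>"""

if __name__ == "__main__":
    print(parse_xmlrpc_call(BENIGN_CALL))
    print(check_request(XXE_CALL))
```

Rejecting at the DOCTYPE, rather than trying to resolve entities safely, is the simplest check: a management API never needs a DTD, and refusing it also stops entity-expansion bombs that use only internal entities. The size cap belongs in front of the parser, not behind it.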
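The bug class in item 2, shown beside its fix, as an added example that is not part of the advisory and not WatchGuard's code: `authenticate_leaky` returns a different failure reply for an unknown username than for a wrong password, which is exactly the oracle described above; `authenticate_uniform` returns one reply for both cases and hashes the supplied password against a decoy record when the username is unknown, so neither the reply content nor the amount of work done reveals whether the username exists. The user store, credentials and work factor are constructed for the demonstration.

```python
"""Uniform authentication replies (added example; not WatchGuard code).

The user store, credentials and PBKDF2 work factor are constructed for the demo.
"""
from __future__ import annotations

import hashlib
import hmac
import os

PBKDF2_ROUNDS = 50_000  # assumption: illustrative work factor


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


# Constructed user store: username -> (salt, PBKDF2 digest).
_ADMIN_SALT = os.urandom(16)
USERS = {"admin": (_ADMIN_SALT, _hash_password("correct horse", _ADMIN_SALT))}

# Decoy record used for unknown usernames: random, so it can never match,
# but it costs the same PBKDF2 work as checking a real record.
_DECOY_SALT = os.urandom(16)
_DECOY_DIGEST = _hash_password(os.urandom(32).hex(), _DECOY_SALT)


def authenticate_leaky(username: str, password: str) -> tuple[bool, str]:
    """Vulnerable pattern: a distinct reply (and an early return) per case."""
    record = USERS.get(username)
    if record is None:
        return False, "unknown user"          # reveals the username is invalid
    salt, digest = record
    if hmac.compare_digest(_hash_password(password, salt), digest):
        return True, "ok"
    return False, "bad password"              # reveals the username is valid


def authenticate_uniform(username: str, password: str) -> tuple[bool, str]:
    """Hardened pattern: same reply and same work whether or not the user exists."""
    salt, digest = USERS.get(username, (_DECOY_SALT, _DECOY_DIGEST))
    matched = hmac.compare_digest(_hash_password(password, salt), digest)
    if matched and username in USERS:
        return True, "ok"
    return False, "invalid credentials"


def replies_reveal_username(auth) -> bool:
    """True when an unknown user gets a different failure reply than a known
    user with the wrong password, i.e. when `auth` is a username oracle."""
    _, known_user_reply = auth("admin", "wrong")
    _, unknown_user_reply = auth("nobody", "wrong")
    return known_user_reply != unknown_user_reply


if __name__ == "__main__":
    print("leaky is an oracle:", replies_reveal_username(authenticate_leaky))
    print("uniform is an oracle:", replies_reveal_username(authenticate_uniform))
```

When testing a real endpoint, compare more than the message text: HTTP status code, response length and latency over many requests (time.perf_counter around each call) can each form the oracle on their own, and the early return in the leaky version skips the password hash entirely, which is the usual source of the timing difference.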
Users are advised to apply updates.
More information is available on:
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street