Friday, 30 May 2025

WatchGuard 12.11 (Firebox) PostAuth CLI memory corruption bug

In one of the latest pentest projects I had the pleasure of playing a bit with the latest WatchGuard. Below you'll find some details about it. Here we go...

Today we'll start here:


During the tests I used the "latest" available version of the WatchGuard 12.11 (Firebox) image (as of the date of writing this document, 04.02.2025). The bug is in the 'cli' program available after logging into the device via SSH.


This bug looks pretty similar to the one described a few days ago (related to Palo Alto).

After your 'lab environment is ready' - we can move directly to the 1st "poc":


As we can see, the cert-request command is not sanitized properly, so we can crash the target (cli) application. The full request is presented below:

At this stage I was testing a few other "possible variants" of the command/s I can use (see the CLI menu, please):

One more time:

"Full details" about the version I used for testing purposes:


If you want to check some details via webgui - here are some hints to do it: 

The command-line version of the results/logs is presented on the screen below:

A few 'stacktraces' I collected:

At this stage - if you want to go deeper - I believe you'll find it useful ;) FYI:


If you want to test it in your environment - feel free to click here. ;)

In case of any questions - you know how to find me.

  

Cheers