製品・ソフトウェアに関する情報

JVN脆弱性詳細

WatchGuard Fireware におけるセキュリティ機能に関する脆弱性

Title	WatchGuard Fireware におけるセキュリティ機能に関する脆弱性
Summary	WatchGuard Fireware には、セキュリティ機能に関する脆弱性が存在します。
Possible impacts	情報を取得される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	April 11, 2017, midnight
Registration Date	May 24, 2017, 6:15 p.m.
Last Update	May 24, 2017, 6:15 p.m.

Affected System

ウォッチガード・テクノロジー

WatchGuard Fireware 11.12.1 およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2017-8055	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8055
National Vulnerability Database (NVD)
2	CVE-2017-8055	https://nvd.nist.gov/vuln/detail/CVE-2017-8055

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-254	https://cwe.mitre.org/data/definitions/254.html

ベンダー情報

No	Name	URL
WatchGuard
1	Firebox XML-RPC Username Enumeration Vulnerability	http://watchguardsupport.force.com/publicKB?type=KBSecurityIssues&SFDCID=kA62A0000000KlGSAU
2	Fireware v11.12.2 Update 1 Release Notes	https://www.watchguard.com/support/release-notes/fireware/11/en-US/EN_ReleaseNotes_Fireware_11_12_2/index.html

Change Log

No	Changed Details	Date of change
0	[2017年05月24日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2017-8055

Summary	WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier returns different responses for valid and invalid usernames. An attacker could exploit this vulnerability to enumerate valid usernames on an affected Firebox.
Publication Date	April 23, 2017, 7:59 a.m.
Registration Date	Jan. 26, 2021, 1:29 p.m.
Last Update	Nov. 21, 2024, 12:33 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:o:watchguard:fireware::::::::			11.2.1

Related information, measures and tools

No	URL	タグ
1	http://watchguardsupport.force.com/publicKB?type=KBSecurityIssues&SFDCID=kA62A0000000KlGSAU	Vendor Advisory
2	http://watchguardsupport.force.com/publicKB?type=KBSecurityIssues&SFDCID=kA62A0000000KlGSAU	Vendor Advisory
3	https://packetstormsecurity.com/files/142177/watchguardfbxtm-xxeinject.txt	Exploit Third Party Advisory VDB Entry
4	https://packetstormsecurity.com/files/142177/watchguardfbxtm-xxeinject.txt	Exploit Third Party Advisory VDB Entry
5	https://www.sidertia.com/Home/Community/Blog/2017/04/17/Fixed-the-Fireware-Vulnerabilities-discovered-by-Sidertia	Exploit Third Party Advisory
6	https://www.sidertia.com/Home/Community/Blog/2017/04/17/Fixed-the-Fireware-Vulnerabilities-discovered-by-Sidertia	Exploit Third Party Advisory
7	https://www.watchguard.com/support/release-notes/fireware/11/en-US/EN_ReleaseNotes_Fireware_11_12_2/index.html	Release Notes Vendor Advisory
8	https://www.watchguard.com/support/release-notes/fireware/11/en-US/EN_ReleaseNotes_Fireware_11_12_2/index.html	Release Notes Vendor Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-203	セキュリティ関連の処理に対するレスポンスの違いに起因する情報漏えい	https://cwe.mitre.org/data/definitions/203.html