Vulnerability Note VU#233990
Watchguard Extensible Threat Management (XTM) appliance version 11.7.4 contains a buffer overflow vulnerability
Watchguard Extensible Threat Management (XTM) version 11.7.4 and possibly earlier versions contain a buffer overflow vulnerability (CWE-121).
CWE-121: Stack-based Buffer Overflow
Watchguard Extensible Threat Management (XTM) version 11.7.4 and possibly earlier versions contain a buffer overflow vulnerability when reading large cookie requests. Remote administration is enabled by default on TCP/8080 for the virtual appliances (XTMv). The physical XTM appliances do not have this feature enabled by default.
A remote unauthenticated attacker may be able to cause a denial of service or execute arbitrary code on the appliance.
Apply an Update
Restrict access to the Watchguard XTM interface
Vendor Information
|Vendor|Status|Date Notified|Date Updated|
|---|---|---|---|
|Watchguard Technologies, Inc.|Affected|23 Sep 2013|16 Oct 2013|
Thanks to Jerome Nokin (Research and Discovery) and Thierry Zoller (Coordination) from Verizon Enterprise Solutions (GCIS Threat and Vulnerability Management) for reporting this vulnerability.
This document was written by Adam Rauf.
- CVE IDs: CVE-2013-6021
- Date Public: 18 Oct 2013
- Date First Published: 18 Oct 2013
- Date Last Updated: 18 Oct 2013
- Document Revision: 20