CVE-2023-26239

Published Oct 5, 2023

Last updated a year ago

CVSS medium 5.5

Overview

Description: An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of a password check, it is possible to obtain credentials to access the management console as a non-privileged user.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-273

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:watchguard:epp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2361AC95-E9B5-4494-B4D3-A516E92E0180",
            "versionEndExcluding": "8.00.22.0010"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:watchguard:epp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FCB7410D-4F42-49A1-B65F-2F57FBED5591"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:watchguard:edr_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D0BB0A60-F997-44F6-9B83-D89525D5E90B",
            "versionEndExcluding": "8.00.22.0010"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:watchguard:edr:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9BE98983-49EA-4B3D-B561-509DF3244630"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:watchguard:epdr_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E547FF3-E496-4AF4-8BA4-67D92E104335",
            "versionEndExcluding": "8.00.22.0010"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:watchguard:epdr:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CC28BE1A-C558-4132-8376-A1177030CB90"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:watchguard:panda_ad360_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6FE92F05-0078-4B53-A282-5C7B9D70F17B",
            "versionEndExcluding": "8.00.22.0010"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:watchguard:panda_ad360:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8521691C-F38A-4E4C-ADE7-717218F2E951"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References