CVE-2022-26318

9.8

CVSS
Critical

PUBLISHED

On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS...

Exploited in the wild Remote Low complexity No user interaction

Vendor: WatchGuard
Product: Firebox and XTM appliances
Published: Mar 04, 2022
EPSS: —

Description

On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.

cisa metasploit

CVSS scores

CVSS v3.1 9.8 Critical

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0 7.5

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitation status

Exploited in the wild

Recorded 2022-03-25 00:00:00 UTC · Source

SSVC decision points

Exploitation: active
Automatable: Yes
Technical impact: total

References

https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_7_2/index.html#Fireware/en-US/resolved_issues.html

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
CISA	Mar 25, 2022

Scanner integrations

Scanner	Reference	Detected
Metasploit	https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/watchguard_firebox_unauth_rce_cve_2022_26318.rb	Apr 28, 2025

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

watchguard_firebox_unauth_rce_cve_2022_26318

metasploit · Created Unknown

Metasploit module for CVE-2022-26318

BabyTeam1024/CVE-2022-26318

github · Created 2022-05-21 11:51:58 UTC · 2 stars

h3llk4t3/Watchguard-RCE-POC-CVE-2022-26318

github · Created 2022-04-18 15:14:30 UTC · 3 stars

Watchguard RCE POC CVE-2022-26318

Vulnerability detail