[原文]HTTP server on the WatchGuard SOHO firewall does not properly restrict access to administrative functions such as password resets or rebooting, which allows attackers to cause a denial of service or conduct unauthorized activities.
WatchGuard Firebox SOHO Web Config Server Unauthenticated Access Bypass
Remote / Network Access
Loss of Confidentiality,
Loss of Integrity,
Loss of Availability
Watchguard Firebox SOHO firewall contains a flaw that may allow a remote attacker to bypass authentication for the Web administration interface. The issue is due to a flaw in the administration authentication that allows an attacker to directly access and modify the firewall's configuration options. By accessing the options directly, the attacker could modify settings or disable service.
Upgrade to version 2.2.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
SOHO Firewall is an appliance firewall by Watchguard Technologies Inc. designed for Small Office/Home Office users.
It is possible for a remote intruder to gain inappropriate access to the system on which SOHO Firewall resides through specially formed HTTP requests. The web server component will grant access to known files when HTTP requests such as http://target/filename.ext are received. In addition, it is possible to perform administrative tasks such as rebooting SOHO firewall and resetting the administrative password without any authorization. For example, a remote attacker may reset the password by supplying a blank request for the /passcfg object. This will clear the administrative password and will yield access to administrative functions via HTTP.
Watchguard has addressed this vulnerability with the latest release of SOHO Firewall. The latest version can be downloaded at the following location: