Security Alerts




Fireware XTM 11.8.3 Update Corrects XSS Flaw

Overall Severity: Medium

Summary:

This vulnerability affects: WatchGuard Fireware XTM 11.8.1 and earlier

How an attacker exploits it: Either by enticing an XTM administrator into clicking a specially crafted link or by directly interacting with the appliance’s web management UI (requires authentication)

Impact: An attacker can execute script in the context of the XTM management web UI, which could allow him to attempt to phish your credentials or gain access to your cookies or session information

What to do: Install Fireware XTM 11.8.3 (and limit access to the XTM web management interface)

Exposure:

Recently, we released WSM and Fireware XTM 11.8.3, which delivers many customer requested fixes and enhancements to XTM administrators. It also corrects a web application vulnerability reported to us by William Costa (a security researcher and consultant) via US-CERT’s coordinated disclosure process.

Fireware XTM includes a Web UI, which you can use to manage your XTM appliance through a web browser.

Source:
Fireware XTM 11.8.3 Update Corrects XSS Flaw
March 13, 2014 — Category: Security Alerts