Primary

Context

WatchGuard Fireware OS Host Header Injection Vulnerability

Vulnerability

Patched

A vulnerability allowing improper input validation has been identified in WatchGuard Fireware OS versions 12.0 through 12.11. This vulnerability enables an attacker with network access to manipulate the HTTP Host header in requests to the Web UI. Exploitation could lead to redirecting users to malicious websites, poisoning the web cache, or injecting harmful JavaScript into responses from the Web UI.

Impact

Exploitation of this vulnerability could result in host header injection, allowing for redirection to malicious sites, web cache poisoning, or the injection of malicious scripts into web UI responses.

Remediation

Users can upgrade to WatchGuard Fireware OS 12.11.1 to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

1.7

exploitability

6.0

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

1.7

exploitability

6.0

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WatchGuard Fireware OS Host Header Injection Vulnerability

Vulnerability

Impact

Remediation

Affected Products

WatchGuard Fireware OS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating