CVE-2022-26318

critical

Description

On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.

References

Exploits
More

https://securityaffairs.com/185779/cyber-warfare-2/russian-state-hackers-targeted-western-critical-infrastructure-for-years-amazon-says.html

https://www.securityweek.com/amazon-russian-hackers-now-favor-misconfigurations-in-critical-infrastructure-attacks/

https://www.infosecurity-magazine.com/news/amazon-russian-gru-hackers-target/

https://thehackernews.com/2025/12/amazon-exposes-years-long-gru-cyber.html

https://cyberscoop.com/amazon-threat-intel-russia-attacks-energy-sector-sandworm-apt44/

https://www.theregister.com/2025/12/15/amazon_ongoing_gru_campaign/

https://aws.amazon.com/blogs/security/amazon-threat-intelligence-identifies-russian-cyber-threat-group-targeting-western-critical-infrastructure/

https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_7_2/index.html#Fireware/en-US/resolved_issues.html

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-26318

Details

Source: Mitre, NVD

Published: 2022-03-04

Updated: 2025-11-13

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.92232

Detections

Analytics