CVE-2019-14899

rv@kaufmann.dk

Hi,

Is this also a security issue for Watchguard?
https://www.zdnet.com/article/new-vulnerability-lets-attackers-sniff-or-hijack-vpn-connections/

/Robert

greggmh123

On Spiceworks, Bruce Briggs mentioned that it is not an issue.

Bruce_Briggs

What I said there is that V12.5.2 does not address this.
No idea IF XTM is vulnerable to this CVE or not as WG has not responded to Robert's question or posted about it anywhere that I have seen.

greggmh123

@Bruce_Briggs said:
What I said there is that V12.5.2 does not address this.
No idea IF XTM is vulnerable to this CVE or not as WG has not responded to Robert's question or posted about it anywhere that I have seen.

Bruce,

Prior to your edit of your Spicewokrs post (Edited Dec 9, 2019 at 3:28 PM), I thought that you responded to the "I wonder if this issue affects Watchguard https://www.zdnet.com/article/new-vulnerability-lets-attackers-sniff-or-hijack-vpn-connections/" question with something like, "No it does not", meaning that Fireware is not affected by it.

That's why I answered the way I did here.

mboscolo

WathcGuard is working on an official response to this vulnerability. Once the write up is available a link will be provided.

Lou_van_Dyk

Any update from WatchGuard on this?

james.carson

@Lou_van_Dyk
All vulnerabilities and related items are posted in the Knowledge base. You can find this one here:

https://techsearch.watchguard.com/KB?type=Security Issues&SFDCID=kA10H000000g4w5SAA&lang=en_US