DIVD-2022-00022 - WatchGuard Firebox and XTM appliance ACE vulnerability
|Case lead||Victor Gevers|
|Author||Max van der Horst|
|Product||WatchGuard Firebox & XTM|
|Versions||Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8 and 12.2.x through 12.5.x before 12.5.9.U2.|
|Recommendation||Scan your system with the WSM Cyclops Blink Detector to verify whether or not you have been compromised and patch your system accordingly.|
|Last modified||03 Nov 2022 12:37|
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code. This vulnerability is being actively exploited, and it is advised to use the Cyclops Blink Detector to verify your system has not been compromised.
What you can do
- Ensure you have the latest version of Fireware OS and scan your system with the Cyclops Blink Detector.
What we are doing
- DIVD is currently ensuring that the owners of vulnerable systems are being notified. We do this by scanning for vulnerable hosts, verifying the vulnerability and notifying the owners of these systems. If you receive an email from us regarding this case, the vulnerability has been confirmed.
|29 Mar 2022||DIVD starts investigating the scope and impact of the vulnerability.|
|29 Mar 2022||First version of this case file.|
|31 Oct 2022||Decision made to close this case as a non intrusive detection was impossible.|
gantt title DIVD-2022-00022 - WatchGuard Firebox and XTM appliance ACE vulnerability dateFormat YYYY-MM-DD axisFormat %e %b %Y section Case DIVD-2022-00022 - WatchGuard Firebox and XTM appliance ACE vulnerability (216 days) :2022-03-29, 2022-10-31 section Events DIVD starts investigating the scope and impact of the vulnerability. : milestone, 2022-03-29, 0d First version of this case file. : milestone, 2022-03-29, 0d Decision made to close this case as a non intrusive detection was impossible. : milestone, 2022-10-31, 0d