WatchGuard Firebox/Fireware OS存在一个远程可利用的越界写入漏洞(CVE-2023-3584),攻击者通过构造特定IKEv2数据包可触发该漏洞,在未认证情况下实现代码执行。该漏洞影响多个版本(如Fireware OS 11.x、12.x及2025.1),可能导致设备完全控制、配置窃取及VPN流量解密等严重后果。尽管尚未发现活跃攻击,但修复建议紧急。 2025-10-29 21:18:48 Author: horizon3.ai(查看原文) 阅读量:18 收藏
WatchGuard Firebox / Fireware OS iked Out‑of‑Bounds Write
A remotely exploitable out‑of‑bounds write in the IKE/IKEv2 handler (iked) of WatchGuard Firebox/Fireware OS can be triggered by specially crafted IKEv2 packets, potentially enabling unauthenticated code execution on vulnerable devices. Affected releases include Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.3, and 2025.1; 11.x is end‑of‑life, and patches are available for supported branches. A PoC was made public on October 16.
Successful exploitation can yield full device compromise (persistent shell, configuration theft, VPN credential exposure), allow attackers to decrypt or intercept VPN traffic, pivot into internal networks, and persist in a trusted security appliance — outcomes that lead directly to data theft, lateral movement and long dwell times.
While there is no report of active exploitation, the reach and importance of WatchGuard’s devices makes identifying and patching vulnerable instances urgent, given attackers commonly will seek to weaponize flaws after disclosure.
Find and fix urgent exploitation risk with Rapid Response
Stop Guessing, Start Proving
Read about other CVEs
NodeZero® Platform
Implement a continuous find, fix, and verify loop with NodeZero
The NodeZero® platform empowers your organization to reduce your security risks by autonomously finding exploitable weaknesses in your network, giving you detailed guidance around how to priortize and fix them, and having you immediately verify that your fixes are effective.
Recognized By
如有侵权请联系:admin#unsafe.sh