Critical Vulnerability in WatchGuard Firebox Devices Demands Immediate Action
SAN FRANCISCO, CA - May 16, 2024 – WatchGuard Technologies has issued a critical security alert regarding a vulnerability affecting a wide range of its Firebox firewall appliances. The flaw could allow a remote attacker to execute arbitrary code, potentially granting them complete control of the device and compromising network security. Administrators are strongly urged to patch vulnerable systems immediately.
The vulnerability impacts Firebox devices running Fireware OS versions prior to 2025.1.x. Specifically, affected models include T55, T70, T80, T85, M270, M290, M370, M390, M470, M570, M590, M670, M690, M440, M4600, M4800, M5600, M5800, Firebox Cloud, Firebox NV5, and FireboxV. WatchGuard serves over 250,000 small and mid-sized businesses globally, through a network of more than 17,000 security resellers and service providers, making the scope of potential impact significant.
While the vulnerability is not currently being actively exploited, security experts warn that firewalls are prime targets for threat actors. The Akira ransomware gang is currently exploiting a year-old critical vulnerability (CVE-2024-40766) in SonicWall firewalls, and in April 2022, the Cybersecurity and Infrastructure Security Agency (CISA) directed federal agencies to patch a WatchGuard vulnerability being exploited by Russian state-sponsored hackers.
For administrators unable to patch immediately, WatchGuard provides a temporary workaround that involves disabling dynamic peer Branch Office VPNs (BOVPNs), adding new firewall policies, and disabling default system VPN policies. Detailed instructions are available in WatchGuard’s support document: https://techsearch.watchguard.com/KB?type=article&SFDCID=kA1Vr000000DMXNKA4&lang=en_US.