WEB WatchGuard Firebox Authentication Vulnerability (CVE-2022-23176)
CVE-2022-23176 is a privilege escalation vulnerability in WatchGuard Firebox and XTM appliances. The vulnerability could allow a remote, unprivileged threat actor to access the system with a privileged management session via an exposed management access.
Apparently, the flaw has been used by Sandworm, a Russian-sponsored hacking collective, which is most likely part of the GRY Russian military intelligence agency. The CVE-2022-23176 vulnerability has been used to build the Cyclops Blink botnet, using compromised WatchGuard Small Office/Home Office (SOHO) network devices.
The Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its list of exploited flaws, urging organizations to patch their systems.
WatchGuard is aware of the critical issue, and has been working closely with the FBI, CISA, DOJ, and UK NCSC1. As a result of this cooperation, the company developed a remediation for Cyclops Blink that affected “a limited number of WatchGuard firewall appliances”. If you are affected, refer to the company’s advisory for further technical instructions.
Milena Dimitrova
An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
Follow Me: