CISA warns of Russian state hackers exploiting WatchGuard bug

CISA has ordered all federal civilian agencies and urged all US organizations to patch an actively exploited bug impacting WatchGuard Firebox and XTM firewall appliances.

The Cybersecurity and Infrastructure Security Agency has warned of Russian state actors exploiting a bug impacting WatchGuard Firebox and XTM firewall appliances.

Sandworm, a Russian-sponsored hacking group believed to be part of the GRU Russian military intelligence agency, reportedly exploited the high-severity privilege escalation flaw (CVE-2022-23176) to develop a new botnet, dubbed “Cyclops Blink”, out of WatchGuard Small Office/Home Office (SOHO) network devices.

CISA has rated the bug with a critical threat level, explaining in a security advisory: “WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access.”

The flaw can only be exploited if the appliance is configured to allow unrestricted management access from the Internet. All WatchGuard appliances are configured for restricted management access.

CISA has given Federal Civilian Executive Branch Agencies three weeks, until May 2nd, to secure their networks against the vulnerability.
