
Critical RCE Vulnerability in WatchGuard Firebox Firewalls Under Active Exploitation
WatchGuard has confirmed active exploitation of a critical out-of-bounds write vulnerability in the iked service of Fireware OS, the operating system on Firebox firewalls. The flaw allows remote code execution (RCE): an attacker can run arbitrary code on an affected device.

The iked service is the IKEv2 daemon and is responsible for handling IKEv2 VPN connections. Because it is network-facing, the vulnerability is particularly severe. An out-of-bounds write occurs when a program writes data beyond the end of the intended buffer, which can corrupt memory and lead to arbitrary code execution.

The absence of a CVE identifier and specific version information complicates risk assessment and mitigation efforts. However, given the critical role firewalls play in network security, active exploitation of this vulnerability poses a significant threat. Organizations using WatchGuard Firebox firewalls should prioritize monitoring for updates and patches from WatchGuard. In the interim, consider implementing compensating controls such as network segmentation and enhanced monitoring of VPN traffic. The lack of detailed technical information underscores the importance of prompt action and of closely following WatchGuard's advisories.