Forwarded Taiwan Computer Emergency Response Team / Coordination Center Security Advisory Alert TWCERTCC-200-202607-00000002
[Description]
WatchGuard Firebox is a next-generation firewall product that provides multi-layered protection, including antivirus, IPS, APT blocking, and spam filtering. Recently, WatchGuard released a critical security vulnerability advisory (CVE-2026-13368,CVSS 4.x:9.2). This vulnerability originates from a race condition in the LDAP authentication mechanism of Mobile User VPN with IKEv2, leading to a use-after-free vulnerability.
If Firebox has Mobile User VPN with IKEv2 configured and uses an external LDAP authentication server, unauthenticated remote attackers can exploit this vulnerability to execute arbitrary code in the context of the iked process.
[Affected Platform]
Fireware OS 2025.1 version
Fireware OS 12.x version
Fireware OS 12.5.x (T15&T13) version
Fireware OS 11.x version
[Recommendations]
Please update to the following versions: Fireware OS 2026.2.1 version, Fireware OS 12.12.1 version
[References]
1.https://www.twcert.org.tw/tw/cp-169-11022-eee7d-1.html