轉發 台灣電腦網路危機處理暨協調中心 資安訊息警訊 TWCERTCC-200-202607-00000002
[內容說明]
WatchGuard Firebox 是一款次世代防火牆產品,提供多層次防護,包括防毒、IPS、APT 阻擋及垃圾郵件過濾。近日WatchGuard發布重大資安漏洞公告(CVE-2026-13368,CVSS 4.x:9.2),該漏洞源於 Mobile User VPN with IKEv2 的 LDAP 驗證機制存在競爭條件(Race Condition),進而造成釋放後使用(Use-After-Free)漏洞。
若 Firebox 已設定 Mobile User VPN with IKEv2 並使用外部 LDAP 驗證伺服器,未經身分驗證的遠端攻擊者可利用此漏洞,以iked進程的上下文中執行任意程式碼。
[影響平台]
Fireware OS 2025.1 版本
Fireware OS 12.x 版本
Fireware OS 12.5.x (T15&T13) 版本
Fireware OS 11.x 版本
[建議措施]
請更新至以下版本:Fireware OS 2026.2.1版本、Fireware OS 12.12.1版本
[參考資料]
1. https://www.twcert.org.tw/tw/cp-169-11022-eee7d-1.html
Forwarded Taiwan Computer Emergency Response Team / Coordination Center Security Advisory Alert TWCERTCC-200-202607-00000002
[Description]
WatchGuard Firebox is a next-generation firewall product that provides multi-layered protection, including antivirus, IPS, APT blocking, and spam filtering. Recently, WatchGuard released a critical security vulnerability advisory (CVE-2026-13368,CVSS 4.x:9.2). This vulnerability originates from a race condition in the LDAP authentication mechanism of Mobile User VPN with IKEv2, leading to a use-after-free vulnerability.
If Firebox has Mobile User VPN with IKEv2 configured and uses an external LDAP authentication server, unauthenticated remote attackers can exploit this vulnerability to execute arbitrary code in the context of the iked process.
[Affected Platform]
Fireware OS 2025.1 version
Fireware OS 12.x version
Fireware OS 12.5.x (T15&T13) version
Fireware OS 11.x version
[Recommendations]
Please update to the following versions: Fireware OS 2026.2.1 version, Fireware OS 12.12.1 version
[References]
1.https://www.twcert.org.tw/tw/cp-169-11022-eee7d-1.html