WatchGuard Fireware OS Vulnerability

CRITICAL (9.8) Partial Fix

Threat Intelligence

⚠️ CRITICAL GAP - Exploits exist but no detection available
EPSS Score: 0.21% chance of exploitation (percentile: 43%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: GitHub PoC


What is it?

WatchGuard Fireware OS is the operating system that runs on WatchGuard Firebox firewall and VPN appliances. This vulnerability lets a remote attacker who can reach the appliance's IKEv2 service execute arbitrary code on the device, without any credentials, by exploiting an out-of-bounds write in the iked process, which handles IKEv2 authentication for VPN tunnels.

Am I affected?

You're affected if you run WatchGuard Fireware OS on a Firebox appliance, in particular one whose IKEv2 VPN service is reachable from untrusted networks. Specific affected and fixed version information is not stated in the summary here; check the WatchGuard advisory for the exact version list. If you don't recognise this software, you're probably not affected.

How to fix

To fix this vulnerability, upgrade Fireware OS on affected Firebox appliances to a release that contains the fix. The WatchGuard advisory lists the fixed versions and links to the downloads:

  • WatchGuard advisory WGSA-2025-00027: https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00027

Fireware OS upgrades are applied through Fireware Web UI or WatchGuard System Manager. There is no shell command that patches the iked process, and restarting iked by hand does not remediate the vulnerability.

If an upgrade isn't possible immediately, consider the following mitigations:

  • Restrict which source addresses can reach the appliance's IKEv2 service (UDP 500, and UDP 4500 for NAT traversal) to known VPN peers. If you don't use IKEv2 VPNs at all, don't expose the service to the internet.
  • Audit admin account activity and configuration changes for suspicious patterns: successful exploitation gives code execution on the appliance itself, so new admin accounts or unexplained config changes are a red flag.
  • Watch the appliance logs for unexpected iked crashes or restarts and for IKE_AUTH attempts from peers you don't recognise.
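Because the page lists no detection tooling, here is an added example (not code from the page, from WatchGuard, or from any exploit) that shows what the iked process is parsing and gives a starting point for the peer allow-list mitigation above. It decodes the fixed 28-byte IKEv2 header defined in RFC 7296 section 3.1 (and strips the 4-byte non-ESP marker used on UDP 4500) from UDP payloads, then flags IKE_AUTH requests from peers not on an allow-list and packets whose declared length does not match the data actually received. The packet tuples and peer addresses are constructed for the example; the `audit_ike_traffic` function and its `(src_ip, dst_port, payload)` input shape are assumptions you would adapt to your own capture source. It does not detect the specific out-of-bounds write, only traffic that deserves a look.

```python
import struct

# IKEv2 exchange types and flag bits, RFC 7296 section 3.1
IKE_SA_INIT, IKE_AUTH, CREATE_CHILD_SA, INFORMATIONAL = 34, 35, 36, 37
EXCHANGE_NAMES = {34: "IKE_SA_INIT", 35: "IKE_AUTH",
                  36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}
FLAG_INITIATOR = 0x08
FLAG_RESPONSE = 0x20
HEADER_LEN = 28                      # fixed IKE header size
NON_ESP_MARKER = b"\x00\x00\x00\x00"  # prefix before IKE on UDP 4500 (RFC 3948)
HEADER_FMT = "!QQBBBBII"             # SPIi, SPIr, next payload, version, exchange, flags, msg id, length


def parse_ikev2_header(payload, dst_port):
    """Decode the IKEv2 header from a UDP payload; return None for non-IKEv2 data."""
    if dst_port == 4500:
        if not payload.startswith(NON_ESP_MARKER):
            return None              # ESP-in-UDP data or a 1-byte NAT keepalive, not IKE
        payload = payload[4:]
    if len(payload) < HEADER_LEN:
        return None
    ispi, rspi, nxt, ver, exch, flags, msg_id, length = struct.unpack(
        HEADER_FMT, payload[:HEADER_LEN])
    if ver >> 4 != 2:                # major version lives in the high nibble
        return None                  # IKEv1 or garbage
    return {
        "ispi": ispi, "rspi": rspi, "next_payload": nxt,
        "exchange": EXCHANGE_NAMES.get(exch, "unknown(%d)" % exch),
        "initiator": bool(flags & FLAG_INITIATOR),
        "response": bool(flags & FLAG_RESPONSE),
        "message_id": msg_id,
        "declared_length": length,   # what the peer claims the message size is
        "actual_length": len(payload),
    }


def audit_ike_traffic(packets, allowed_peers):
    """packets: iterable of (src_ip, dst_port, udp_payload). Returns (reason, src_ip, ispi)."""
    findings = []
    for src, dport, payload in packets:
        hdr = parse_ikev2_header(payload, dport)
        if hdr is None:
            continue
        # Length field disagreeing with the datagram is exactly the kind of input a
        # fragile parser should never see from a well-behaved peer.
        if hdr["declared_length"] != hdr["actual_length"]:
            findings.append(("length_mismatch", src, hdr["ispi"]))
            continue
        # IKE_AUTH is where iked does the authentication work; an initiator we don't
        # know reaching that stage contradicts the peer allow-list mitigation.
        if (hdr["exchange"] == "IKE_AUTH" and hdr["initiator"]
                and not hdr["response"] and src not in allowed_peers):
            findings.append(("ike_auth_from_unknown_peer", src, hdr["ispi"]))
    return findings


def build_ikev2(ispi, rspi, exch, flags, msg_id, body=b"", nat_t=False):
    """Construct a minimal IKEv2 message for the sample data below (test fixture only)."""
    next_payload = 46 if exch == IKE_AUTH else 33   # 46 = Encrypted payload, 33 = SA payload
    hdr = struct.pack(HEADER_FMT, ispi, rspi, next_payload, 0x20, exch, flags,
                      msg_id, HEADER_LEN + len(body))
    pkt = hdr + body
    return NON_ESP_MARKER + pkt if nat_t else pkt


# Constructed sample traffic: one known peer (203.0.113.10), one unknown (198.51.100.77).
SAMPLE_PACKETS = [
    ("203.0.113.10", 500, build_ikev2(0x1111, 0, IKE_SA_INIT, FLAG_INITIATOR, 0, b"\x00" * 40)),
    ("203.0.113.10", 4500, build_ikev2(0x1111, 0x2222, IKE_AUTH, FLAG_INITIATOR, 1, b"\x00" * 64, nat_t=True)),
    ("198.51.100.77", 4500, build_ikev2(0x3333, 0x4444, IKE_AUTH, FLAG_INITIATOR, 1, b"\x00" * 64, nat_t=True)),
    ("198.51.100.77", 4500, b"\xff"),  # NAT-T keepalive, not IKE
    # Header claims 44 bytes but only 36 arrive: truncated or malformed
    ("198.51.100.77", 500, build_ikev2(0x5555, 0x6666, IKE_AUTH, FLAG_INITIATOR, 1, b"\x00" * 16)[:HEADER_LEN + 8]),
]

if __name__ == "__main__":
    for reason, src, ispi in audit_ike_traffic(SAMPLE_PACKETS, {"203.0.113.10"}):
        print("%-26s src=%-14s SPIi=%#x" % (reason, src, ispi))
```

Feed it the UDP payloads from a capture on the Firebox's external interface and populate the allow-list from your configured BOVPN and mobile VPN peers; anything it reports is worth correlating with the appliance's own iked log entries.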